pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_A...
Submission: On July 11 via api (July 11th 2023, 12:13:10 am UTC) from TR — Scanned from DE

Summary HTTP 351 Redirects Behaviour Indicators

Summary

This website contacted 57 IPs in 10 countries across 50 domains to perform 351 HTTP transactions. The main IP is 20.60.220.36, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is pcloak.blob.core.windows.net.
TLS certificate: Issued by Microsoft RSA TLS CA 02 on March 22nd 2023. Valid for: a year.

This is the only time pcloak.blob.core.windows.net was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	20.60.220.36 20.60.220.36	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	77.245.159.14 77.245.159.14	42868 (NIOBEBILI...) (NIOBEBILISIMHIZMETLERI)
4	2606:4700:10:... 2606:4700:10::6814:e66f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	2a06:98c1:312... 2a06:98c1:3120::3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	31.3.2.79 31.3.2.79	21245 (MEDIANOVA...) (MEDIANOVA-CDN)
43	185.7.176.221 185.7.176.221	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
2	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:36::178	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
11	2a00:1450:400... 2a00:1450:4001:802::2002	15169 (GOOGLE) (GOOGLE)
54	2a00:1450:400... 2a00:1450:4001:80f::2002	15169 (GOOGLE) (GOOGLE)
3	108.138.1.25 108.138.1.25	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82b::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:831::2002	15169 (GOOGLE) (GOOGLE)
3	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	35.241.45.217 35.241.45.217	15169 (GOOGLE) (GOOGLE)
5	185.7.176.222 185.7.176.222	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	108.138.9.235 108.138.9.235	16509 (AMAZON-02) (AMAZON-02)
7	2a00:1450:400... 2a00:1450:4001:827::2002	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:809::2001	15169 (GOOGLE) (GOOGLE)
4	18.66.147.18 18.66.147.18	16509 (AMAZON-02) (AMAZON-02)
1	34.102.243.38 34.102.243.38	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	160.16.238.49 160.16.238.49	9370 (SAKURA-B ...) (SAKURA-B SAKURA Internet Inc.)
13	2a00:1450:400... 2a00:1450:4001:831::200a	15169 (GOOGLE) (GOOGLE)
1 3	92.222.252.174 92.222.252.174	16276 (OVH) (OVH)
3	2a00:1450:400... 2a00:1450:4001:829::200a	15169 (GOOGLE) (GOOGLE)
29	2a00:1450:400... 2a00:1450:4001:813::2001	15169 (GOOGLE) (GOOGLE)
1	142.250.184.230 142.250.184.230	15169 (GOOGLE) (GOOGLE)
16	2607:f8b0:402... 2607:f8b0:4023::78	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:4001:80f::2003	15169 (GOOGLE) (GOOGLE)
3	74.125.133.156 74.125.133.156	15169 (GOOGLE) (GOOGLE)
21	2a00:1450:400... 2a00:1450:4001:812::2006	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2002	15169 (GOOGLE) (GOOGLE)
6	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
1 8	188.165.145.88 188.165.145.88	16276 (OVH) (OVH)
5	2a00:1450:400... 2a00:1450:4001:831::2004	15169 (GOOGLE) (GOOGLE)
3 3	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
3 3	2a00:1450:400... 2a00:1450:400e:1b::7	15169 (GOOGLE) (GOOGLE)
3 3	2a00:1450:400... 2a00:1450:400e:17::7	15169 (GOOGLE) (GOOGLE)
6	2a00:1450:400... 2a00:1450:400e:17::9	15169 (GOOGLE) (GOOGLE)
8 35	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
4 8	185.80.39.216 185.80.39.216	27381 (CASALE-MEDIA) (CASALE-MEDIA)
5 7	37.252.171.52 37.252.171.52	29990 (ASN-APPNEX) (ASN-APPNEX)
1	185.7.176.4 185.7.176.4	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	2620:116:800d... 2620:116:800d:21:ef75:8280:f209:5ba1	16509 (AMAZON-02) (AMAZON-02)
4 4	3.120.19.26 3.120.19.26	16509 (AMAZON-02) (AMAZON-02)
3 3	37.157.4.25 37.157.4.25	198622 (ADFORM) (ADFORM)
1	35.227.252.103 35.227.252.103	15169 (GOOGLE) (GOOGLE)
2 3	51.89.9.251 51.89.9.251	16276 (OVH) (OVH)
1 2	104.102.35.84 104.102.35.84	16625 (AKAMAI-AS) (AKAMAI-AS)
4 4	35.157.165.108 35.157.165.108	16509 (AMAZON-02) (AMAZON-02)
1 1	35.190.0.66 35.190.0.66	15169 (GOOGLE) (GOOGLE)
2 2	213.155.156.165 213.155.156.165	1299 (TWELVE99 ...) (TWELVE99 Arelion)
2 2	34.246.32.191 34.246.32.191	16509 (AMAZON-02) (AMAZON-02)
5 5	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
1	185.86.139.101 185.86.139.101	201081 (SMARTADSE...) (SMARTADSERVER)
1 1	35.186.193.173 35.186.193.173	15169 (GOOGLE) (GOOGLE)
1 1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	34.96.105.8 34.96.105.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	85.114.159.93 85.114.159.93	24961 (MYLOC-AS ...) (MYLOC-AS IP Backbone of myLoc managed IT AG)
1 1	2a05:d018:d29... 2a05:d018:d29:3601:3913:20ff:833f:762d	16509 (AMAZON-02) (AMAZON-02)
1 1	20.127.253.7 20.127.253.7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	162.19.138.82 162.19.138.82	16276 (OVH) (OVH)
1 2	185.7.176.223 185.7.176.223	42910 (PREMIERDC...) (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH)
1	146.59.30.108 146.59.30.108	16276 (OVH) (OVH)
2	141.101.90.97 141.101.90.97	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2a00:1450:400... 2a00:1450:4001:829::2002	15169 (GOOGLE) (GOOGLE)
1 2	52.208.175.244 52.208.175.244	() ()
1 2	52.48.127.113 52.48.127.113	() ()
1	37.157.6.233 37.157.6.233	() ()
351	57

4 20.60.220.36 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

pcloak.blob.core.windows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 77.245.159.14 (Turkey)

ASN42868 (NIOBEBILISIMHIZMETLERI, TR)
PTR: stilgar.wlsrv.com

www.cloakan.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:10::6814:e66f (United States)

ASN13335 (CLOUDFLARENET, US)

www.nefisyemektarifleri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i2.nefisyemektarifleri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.nefisyemektarifleri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 2a06:98c1:3120::3 (United States)

ASN13335 (CLOUDFLARENET, US)

mn.nytcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.3.2.79 (Frankfurt am Main, Germany)

ASN21245 (MEDIANOVA-CDN, TR)

i.nefisyemektarifleri.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

43 185.7.176.221 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

static.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ng2.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
logger.virgul.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:36::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2a00:1450:4001:802::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

securepubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

54 2a00:1450:4001:80f::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.138.1.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-1-25.fra56.r.cloudfront.net

c.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ampcid.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.217 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 217.45.241.35.bc.googleusercontent.com

pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 185.7.176.222 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

c1.imgiz.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.9.235 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-9-235.fra56.r.cloudfront.net

aax.amazon-adsystem.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:827::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:809::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 18.66.147.18 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-147-18.fra60.r.cloudfront.net

bitbeat7.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.102.243.38 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 38.243.102.34.bc.googleusercontent.com

feed.pghub.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 160.16.238.49 (Tokyo, Japan)

ASN9370 (SAKURA-B SAKURA Internet Inc., JP)
PTR: tk2-261-40045.vs.sakura.ne.jp

placehold.jp	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

imasdk.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 92.222.252.174 (Paris, France) 1 redirects

ASN16276 (OVH, FR)
PTR: ip174.ip-92-222-252.eu

trgde.adocean.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

29 2a00:1450:4001:813::2001 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

tpc.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.230 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

16 2607:f8b0:4023::78 (Clarksville, United States)

ASN15169 (GOOGLE, US)

csi.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 74.125.133.156 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f156.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2a00:1450:4001:812::2006 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s0.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads4.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 188.165.145.88 (France) 1 redirects

ASN16276 (OVH, FR)

gdetr.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:808::200e (Frankfurt am Main, Germany) 3 redirects

ASN15169 (GOOGLE, US)

gcdn.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400e:1b::7 (Ireland) 3 redirects

ASN15169 (GOOGLE, US)

r2---sn-5hnednss.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:400e:17::7 (Ireland) 3 redirects

ASN15169 (GOOGLE, US)

r2---sn-5hne6n6e.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:400e:17::9 (Ireland)

ASN15169 (GOOGLE, US)

r4---sn-5hne6n6e.c.2mdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 142.250.186.98 (United States) 8 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 185.80.39.216 (Canada) 4 redirects

ASN27381 (CASALE-MEDIA, CA)

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ssum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 37.252.171.52 (Frankfurt am Main, Germany) 5 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.7.176.4 (Turkey)

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

panel.izlesene.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:116:800d:21:ef75:8280:f209:5ba1 (United States)

ASN16509 (AMAZON-02, US)

cms.quantserve.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 3.120.19.26 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-120-19-26.eu-central-1.compute.amazonaws.com

pm.w55c.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 37.157.4.25 (Denmark) 3 redirects

ASN198622 (ADFORM, DK)

c1.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.227.252.103 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 103.252.227.35.bc.googleusercontent.com

rtb.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 51.89.9.251 (London, United Kingdom) 2 redirects

ASN16276 (OVH, FR)
PTR: ip251.ip-51-89-9.eu

onetag-sys.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.102.35.84 (Frankfurt am Main, Germany) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-102-35-84.deploy.static.akamaitechnologies.com

sync.teads.tv	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.157.165.108 (Frankfurt am Main, Germany) 4 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-35-157-165-108.eu-central-1.compute.amazonaws.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.190.0.66 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 66.0.190.35.bc.googleusercontent.com

ads.travelaudience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 213.155.156.165 (Sweden) 2 redirects

ASN1299 (TWELVE99 Arelion, fka Telia Carrier, SE)

d5p.de17a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.246.32.191 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-246-32-191.eu-west-1.compute.amazonaws.com

match.360yield.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 46.228.174.117 (United Kingdom) 5 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 185.86.139.101 (France)

ASN201081 (SMARTADSERVER, FR)

ssbsync.smartadserver.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.193.173 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 173.193.186.35.bc.googleusercontent.com

gcm.ctnsnet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.96.105.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.105.96.34.bc.googleusercontent.com

tr.blismedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 85.114.159.93 (Bad Durrheim, Germany) 1 redirects

ASN24961 (MYLOC-AS IP Backbone of myLoc managed IT AG, DE)
PTR: dsp.adfarm1.adition.com

dsp.adfarm1.adition.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:d29:3601:3913:20ff:833f:762d (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

pr-bh.ybp.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 20.127.253.7 (Tappahannock, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

sync.inmobi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.19.138.82 (Frankfurt am Main, Germany)

ASN16276 (OVH, FR)
PTR: ns31532337.ip-162-19-138.eu

id5-sync.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.7.176.223 (Turkey) 1 redirects

ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR)

istr.izlesene.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
istr-n23.nktcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.59.30.108 (France)

ASN16276 (OVH, FR)
PTR: ip108.ip-146-59-30.eu

ls.hit.gemius.pl	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 141.101.90.97 (United States)

ASN13335 (CLOUDFLARENET, US)

portal.o2online.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:829::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

pubads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.208.175.244 (None, ) 1 redirects

ASN- ()

samsungturkey.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.48.127.113 (None, ) 1 redirects

ASN- ()

unilever.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 37.157.6.233 (None, )

ASN- ()

adx.adform.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
89	googlesyndication.com pagead2.googlesyndication.com — Cisco Umbrella Rank: 135 a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com tpc.googlesyndication.com — Cisco Umbrella Rank: 160	706 KB
67	doubleclick.net 8 redirects securepubads.g.doubleclick.net — Cisco Umbrella Rank: 216 googleads.g.doubleclick.net — Cisco Umbrella Rank: 57 ad.doubleclick.net — Cisco Umbrella Rank: 184 bid.g.doubleclick.net — Cisco Umbrella Rank: 810 googleads4.g.doubleclick.net — Cisco Umbrella Rank: 346 cm.g.doubleclick.net — Cisco Umbrella Rank: 254 pubads.g.doubleclick.net — Cisco Umbrella Rank: 417	412 KB
43	virgul.com static.virgul.com — Cisco Umbrella Rank: 81866 ng.virgul.com — Cisco Umbrella Rank: 65490 ng2.virgul.com — Cisco Umbrella Rank: 74231 logger.virgul.com — Cisco Umbrella Rank: 84088	253 KB
36	2mdn.net 9 redirects s0.2mdn.net — Cisco Umbrella Rank: 325 gcdn.2mdn.net — Cisco Umbrella Rank: 1112 r2---sn-5hnednss.c.2mdn.net — Cisco Umbrella Rank: 459149 r2---sn-5hne6n6e.c.2mdn.net — Cisco Umbrella Rank: 501017 r4---sn-5hne6n6e.c.2mdn.net — Cisco Umbrella Rank: 432813	7 MB
22	gstatic.com csi.gstatic.com fonts.gstatic.com	94 KB
16	googleapis.com imasdk.googleapis.com — Cisco Umbrella Rank: 500 fonts.googleapis.com — Cisco Umbrella Rank: 88	1 MB
13	google.com ampcid.google.com — Cisco Umbrella Rank: 2261 adservice.google.com — Cisco Umbrella Rank: 113 www.google.com — Cisco Umbrella Rank: 10	2 KB
10	nytcdn.com mn.nytcdn.com — Cisco Umbrella Rank: 431099	186 KB
9	gemius.pl 1 redirects gdetr.hit.gemius.pl — Cisco Umbrella Rank: 63561 ls.hit.gemius.pl — Cisco Umbrella Rank: 13098	72 KB
8	casalemedia.com 4 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 635 ssum-sec.casalemedia.com — Cisco Umbrella Rank: 485	6 KB
7	adnxs.com 5 redirects ib.adnxs.com — Cisco Umbrella Rank: 257 secure.adnxs.com — Cisco Umbrella Rank: 469	6 KB
6	nefisyemektarifleri.com www.nefisyemektarifleri.com — Cisco Umbrella Rank: 320439 i.nefisyemektarifleri.com — Cisco Umbrella Rank: 406978 i2.nefisyemektarifleri.com — Cisco Umbrella Rank: 498374 c.nefisyemektarifleri.com	156 KB
5	imgiz.com c1.imgiz.com — Cisco Umbrella Rank: 136022	328 KB
4	demdex.net 2 redirects samsungturkey.demdex.net unilever.demdex.net	4 KB
4	bidswitch.net 4 redirects x.bidswitch.net — Cisco Umbrella Rank: 359	1 KB
4	adform.net 3 redirects c1.adform.net — Cisco Umbrella Rank: 633 adx.adform.net	3 KB
4	w55c.net 4 redirects pm.w55c.net — Cisco Umbrella Rank: 1044	3 KB
4	bitbeat7.com bitbeat7.com — Cisco Umbrella Rank: 445250	36 KB
4	amazon-adsystem.com c.amazon-adsystem.com — Cisco Umbrella Rank: 353 aax.amazon-adsystem.com — Cisco Umbrella Rank: 438	62 KB
4	windows.net pcloak.blob.core.windows.net	3 KB
3	1rx.io 3 redirects sync.1rx.io — Cisco Umbrella Rank: 613	2 KB
3	onetag-sys.com 2 redirects onetag-sys.com — Cisco Umbrella Rank: 857	824 B
3	googletagservices.com www.googletagservices.com — Cisco Umbrella Rank: 205	169 KB
3	adocean.pl 1 redirects trgde.adocean.pl — Cisco Umbrella Rank: 56628	135 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	297 B
2	o2online.de portal.o2online.de — Cisco Umbrella Rank: 61931	1 KB
2	unrulymedia.com 2 redirects sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1372	1 KB
2	360yield.com 2 redirects match.360yield.com — Cisco Umbrella Rank: 2409	810 B
2	de17a.com 2 redirects d5p.de17a.com — Cisco Umbrella Rank: 5037	645 B
2	teads.tv 1 redirects sync.teads.tv — Cisco Umbrella Rank: 1425	448 B
2	izlesene.com 1 redirects panel.izlesene.com — Cisco Umbrella Rank: 982144 istr.izlesene.com — Cisco Umbrella Rank: 357056	1 KB
2	placehold.jp placehold.jp — Cisco Umbrella Rank: 350090	4 KB
2	pghub.io pghub.io — Cisco Umbrella Rank: 2090 feed.pghub.io — Cisco Umbrella Rank: 2360	6 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 173	156 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 79	158 KB
2	cloakan.co www.cloakan.co	742 B
1	nktcdn.com istr-n23.nktcdn.com — Cisco Umbrella Rank: 420062
1	id5-sync.com id5-sync.com — Cisco Umbrella Rank: 423	1 KB
1	inmobi.com 1 redirects sync.inmobi.com — Cisco Umbrella Rank: 1419	708 B
1	yahoo.com 1 redirects pr-bh.ybp.yahoo.com — Cisco Umbrella Rank: 481	714 B
1	adition.com 1 redirects dsp.adfarm1.adition.com — Cisco Umbrella Rank: 1777	584 B
1	blismedia.com tr.blismedia.com — Cisco Umbrella Rank: 2276	173 B
1	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 374	461 B
1	ctnsnet.com 1 redirects gcm.ctnsnet.com — Cisco Umbrella Rank: 44074	608 B
1	smartadserver.com ssbsync.smartadserver.com — Cisco Umbrella Rank: 922	45 B
1	travelaudience.com 1 redirects ads.travelaudience.com — Cisco Umbrella Rank: 8041	552 B
1	openx.net rtb.openx.net — Cisco Umbrella Rank: 982	245 B
1	quantserve.com cms.quantserve.com — Cisco Umbrella Rank: 862	463 B
1	google.de ampcid.google.de — Cisco Umbrella Rank: 52173	377 B
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 63	21 KB
351	50

	Domain	Requested by
54	pagead2.googlesyndication.com	static.virgul.com pagead2.googlesyndication.com a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com ad.doubleclick.net imasdk.googleapis.com tpc.googlesyndication.com googleads.g.doubleclick.net s0.2mdn.net www.nefisyemektarifleri.com securepubads.g.doubleclick.net www.googletagservices.com
35	cm.g.doubleclick.net	8 redirects googleads.g.doubleclick.net www.nefisyemektarifleri.com a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
29	tpc.googlesyndication.com	a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com ad.doubleclick.net imasdk.googleapis.com tpc.googlesyndication.com pcloak.blob.core.windows.net s0.2mdn.net pagead2.googlesyndication.com securepubads.g.doubleclick.net
21	s0.2mdn.net	ad.doubleclick.net imasdk.googleapis.com pcloak.blob.core.windows.net s0.2mdn.net www.nefisyemektarifleri.com
16	csi.gstatic.com	imasdk.googleapis.com
13	imasdk.googleapis.com	c1.imgiz.com a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com imasdk.googleapis.com
13	ng.virgul.com	static.virgul.com www.nefisyemektarifleri.com ng2.virgul.com
12	logger.virgul.com	c1.imgiz.com
11	ng2.virgul.com	static.virgul.com www.nefisyemektarifleri.com
11	securepubads.g.doubleclick.net	static.virgul.com securepubads.g.doubleclick.net www.nefisyemektarifleri.com
10	mn.nytcdn.com	www.nefisyemektarifleri.com mn.nytcdn.com
8	gdetr.hit.gemius.pl	1 redirects trgde.adocean.pl gdetr.hit.gemius.pl www.nefisyemektarifleri.com
7	dsum-sec.casalemedia.com	3 redirects googleads.g.doubleclick.net
7	adservice.google.com	securepubads.g.doubleclick.net imasdk.googleapis.com
7	static.virgul.com	www.nefisyemektarifleri.com static.virgul.com pcloak.blob.core.windows.net
6	r4---sn-5hne6n6e.c.2mdn.net	www.nefisyemektarifleri.com
6	googleads4.g.doubleclick.net	ad.doubleclick.net pcloak.blob.core.windows.net
6	fonts.gstatic.com	fonts.googleapis.com
6	a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com	securepubads.g.doubleclick.net
6	googleads.g.doubleclick.net	pagead2.googlesyndication.com a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
5	pubads.g.doubleclick.net	imasdk.googleapis.com
5	ib.adnxs.com	3 redirects googleads.g.doubleclick.net
5	www.google.com	a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com tpc.googlesyndication.com
5	c1.imgiz.com	static.virgul.com ng2.virgul.com c1.imgiz.com
4	x.bidswitch.net	4 redirects
4	pm.w55c.net	4 redirects
4	bitbeat7.com	ng2.virgul.com www.nefisyemektarifleri.com bitbeat7.com
4	pcloak.blob.core.windows.net	pcloak.blob.core.windows.net
3	sync.1rx.io	3 redirects
3	onetag-sys.com	2 redirects a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
3	c1.adform.net	3 redirects
3	r2---sn-5hne6n6e.c.2mdn.net	3 redirects
3	r2---sn-5hnednss.c.2mdn.net	3 redirects
3	gcdn.2mdn.net	3 redirects
3	www.googletagservices.com	ad.doubleclick.net a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
3	bid.g.doubleclick.net	imasdk.googleapis.com
3	fonts.googleapis.com	a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
3	trgde.adocean.pl	1 redirects ng2.virgul.com trgde.adocean.pl
3	www.facebook.com	www.nefisyemektarifleri.com
3	c.amazon-adsystem.com	static.virgul.com c.amazon-adsystem.com
2	unilever.demdex.net	1 redirects
2	samsungturkey.demdex.net	1 redirects
2	portal.o2online.de	www.nefisyemektarifleri.com
2	secure.adnxs.com	2 redirects
2	sync.targeting.unrulymedia.com	2 redirects
2	match.360yield.com	2 redirects
2	d5p.de17a.com	2 redirects
2	sync.teads.tv	1 redirects www.nefisyemektarifleri.com
2	placehold.jp	www.nefisyemektarifleri.com bitbeat7.com
2	connect.facebook.net	pcloak.blob.core.windows.net connect.facebook.net
2	c.nefisyemektarifleri.com	www.nefisyemektarifleri.com
2	www.googletagmanager.com	www.nefisyemektarifleri.com www.googletagmanager.com
2	i.nefisyemektarifleri.com	www.nefisyemektarifleri.com
2	www.cloakan.co	pcloak.blob.core.windows.net
1	adx.adform.net	imasdk.googleapis.com
1	ls.hit.gemius.pl	gdetr.hit.gemius.pl
1	istr-n23.nktcdn.com	www.nefisyemektarifleri.com
1	istr.izlesene.com	1 redirects
1	id5-sync.com	a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
1	sync.inmobi.com	1 redirects
1	pr-bh.ybp.yahoo.com	1 redirects
1	dsp.adfarm1.adition.com	1 redirects
1	tr.blismedia.com	a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
1	ssum-sec.casalemedia.com	1 redirects
1	pixel.rubiconproject.com	1 redirects
1	gcm.ctnsnet.com	1 redirects
1	ssbsync.smartadserver.com	a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
1	ads.travelaudience.com	1 redirects
1	rtb.openx.net	a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
1	cms.quantserve.com	a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
1	panel.izlesene.com	c1.imgiz.com
1	ad.doubleclick.net	ng2.virgul.com
1	feed.pghub.io	pghub.io
1	aax.amazon-adsystem.com	c.amazon-adsystem.com
1	pghub.io	static.virgul.com
1	ampcid.google.de	www.google-analytics.com
1	ampcid.google.com	www.google-analytics.com
1	www.google-analytics.com	www.googletagmanager.com
1	i2.nefisyemektarifleri.com	www.nefisyemektarifleri.com
1	www.nefisyemektarifleri.com	www.cloakan.co
351	80

This site contains no links.

Subject Issuer	Validity	Valid
*.blob.core.windows.net Microsoft RSA TLS CA 02	`2023-03-22` - `2024-03-22`	a year	crt.sh
cpanel.cloakan.co R3	`2023-07-03` - `2023-10-01`	3 months	crt.sh
*.nefisyemektarifleri.com Thawte RSA CA 2018	`2022-06-24` - `2023-07-25`	a year	crt.sh
nytcdn.com E1	`2023-05-17` - `2023-08-15`	3 months	crt.sh
*.virgul.com Sectigo RSA Domain Validation Secure Server CA	`2022-10-24` - `2023-09-28`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-04-19` - `2023-07-18`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
c.amazon-adsystem.com Amazon RSA 2048 M01	`2023-02-28` - `2024-02-17`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.google.de GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.pghub.io DigiCert TLS RSA SHA256 2020 CA1	`2023-02-09` - `2024-02-08`	a year	crt.sh
*.imgiz.com Sectigo RSA Domain Validation Secure Server CA	`2022-09-27` - `2023-09-09`	a year	crt.sh
aax-dtb-mobile-cf.amazon-adsystem.com Amazon RSA 2048 M01	`2023-03-16` - `2024-03-08`	a year	crt.sh
bitbeat7.com Amazon RSA 2048 M01	`2023-02-28` - `2023-12-02`	9 months	crt.sh
placehold.jp R3	`2023-07-01` - `2023-09-29`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
tpc.googlesyndication.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.doubleclick.net GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.hit.gemius.pl Sectigo ECC Domain Validation Secure Server CA	`2022-09-13` - `2023-09-25`	a year	crt.sh
*.adocean.pl Sectigo ECC Domain Validation Secure Server CA	`2023-01-30` - `2024-02-06`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-06-19` - `2023-09-11`	3 months	crt.sh
*.izlesene.com Sectigo RSA Domain Validation Secure Server CA	`2023-07-05` - `2024-08-04`	a year	crt.sh
*.quantserve.com DigiCert TLS RSA SHA256 2020 CA1	`2022-08-09` - `2023-09-09`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2022-07-21` - `2023-08-21`	a year	crt.sh
*.smartadserver.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2023-01-21` - `2024-01-23`	a year	crt.sh
*.c.docs.google.com GTS CA 1C3	`2023-06-20` - `2023-08-29`	2 months	crt.sh
tr.blismedia.com GTS CA 1D4	`2023-06-09` - `2023-09-07`	3 months	crt.sh
portal.o2online.de E1	`2023-05-25` - `2023-08-23`	3 months	crt.sh
track.adform.net DigiCert TLS RSA SHA256 2020 CA1	`2022-09-20` - `2023-09-20`	a year	crt.sh

This page contains 46 frames:

Primary Page: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Frame ID: 074B6D1B29D009BD4F7F46451692E25C
Requests: 6 HTTP requests in this frame

Frame: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Frame ID: 2C6310740D0B77010E9E24D7528DF7E4
Requests: 92 HTTP requests in this frame

Frame: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Frame ID: C6630A5A886D8A9DD8C0262E7CD8D49B
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/html/r20230706/r20190131/zrt_lookup.html
Frame ID: 32582B6F23FE976DF74F00722F04D969
Requests: 1 HTTP requests in this frame

Frame: https://ng2.virgul.com/adview?a=649563a3e4b07cc95f8808f6&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=649563a3e4b07cc95f8808f6___153183-375847772
Frame ID: A77A3BF589BE117EB673E02122E54BA3
Requests: 9 HTTP requests in this frame

Frame: https://ng2.virgul.com/ic/5e73154be4b0016313fa90d5?g=1&t=cpc_annotation&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost
Frame ID: 528E7466FA7666142A4BEB745019247F
Requests: 2 HTTP requests in this frame

Frame: https://ng2.virgul.com/adview?a=5e73154be4b0016313fa90d5&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=5e73154be4b0016313fa90d5___1542481295923528
Frame ID: 8BAD47891D6B965B8D9928A3F5C9B177
Requests: 4 HTTP requests in this frame

Frame: https://ng2.virgul.com/ic/5e73154be4b0016313fa90d5?g=1&t=cpc_annotation&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost
Frame ID: 4C0BE287C83E749D56DB197E5C0B2322
Requests: 2 HTTP requests in this frame

Frame: https://ng2.virgul.com/adview?a=5e73154be4b0016313fa90d5&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=5e73154be4b0016313fa90d5___15424812959235282
Frame ID: 8769454F636A1BDDF3BA2B4B8A1D0828
Requests: 4 HTTP requests in this frame

Frame: https://ng2.virgul.com/adview?a=64a9c002e4b0748d1c923674&r=153185@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=64a9c002e4b0748d1c923674___153185-50503217
Frame ID: F9F5B0EBE65DB2ABDECF7A82CA02CCEF
Requests: 3 HTTP requests in this frame

Frame: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 31EDEBFF63915FFEE77A16F9F3D989D9
Requests: 1 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689034384502&bpp=5&bdt=627&idt=415&shv=r20230706&mjsv=m202306290101&ptt=9&saldr=aa&nras=1&correlator=985379360434&frm=24&ife=1&pv=2&ga_vid=1708622229.1689034385&ga_sid=1689034385&ga_hid=1596821760&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=1843544316&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31075758%2C44788441%2C21065724&oid=2&pvsid=2446746173552980&tmod=909861124&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.2hvw5b7yrmk6&fsb=1&dtd=435
Frame ID: BE09147BF8E9B5489A7CF92CBADB8056
Requests: 1 HTTP requests in this frame

Frame: https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D
Frame ID: D3AC574F5B8C7AB9BE66DB6BC85EA6D9
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: A114E8F483F0426097D39A3CAC7889B9
Requests: 1 HTTP requests in this frame

Frame: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 403DCE43A938F4F9FF56FAF4E8C42DFC
Requests: 19 HTTP requests in this frame

Frame: https://ad.doubleclick.net/ddm/adi/N6553.834839NOKTA.COM/B30172735.371005084;sz=300x250;ord=1689034384747;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;dc_sdk_apis=[APIFRAMEWORKS];dc_omid_p=[OMIDPARTNER];gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;dc_tdv=1
Frame ID: 72A39FCCC80EA34E8FBEAFE24E158819
Requests: 11 HTTP requests in this frame

Frame: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: 48FD35123E7927C71EBA12B353819990
Requests: 20 HTTP requests in this frame

Frame: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: C9C8BD86C7DD5D34E305FA2282A1993C
Requests: 19 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: A899EE9F71F196ECF647E67CEB5A9247
Requests: 3 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjJmbXcATAB&v=APEucNW6GKtIkfl49qg2Wb83SIRfZQcI8DuhLUWwlBS4_Rc3QRrxOY45k37KPgToNkfyfbNg7qlmho2TCiefAx-lRLtnSuUUNDGWv9pOzo-CtFjZPYqdcLSdzBwr0DVvXO3zS-O1O0vvAbed_F-3HbFKsVTlQDfA45_RIOI2myowuLcuTKSIvVA
Frame ID: 2812EA83F18299E4E7460FAAFCF90A91
Requests: 5 HTTP requests in this frame

Frame: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: D72991E2AECA02A2C1CC5E6F5CB9DA5F
Requests: 20 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 523526B0A347D703D6593E0CD926E764
Requests: 3 HTTP requests in this frame

Frame: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Frame ID: B9FF15BC56F7DF40FD77D11DCAD05DFA
Requests: 20 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html
Frame ID: 0A431DF937388FCD250FAD9D95B0802D
Requests: 13 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: CB857481E583BA78F5A7B212DD1CFE81
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: BA2324E88AF3B76B483A68E8B8032FB9
Requests: 9 HTTP requests in this frame

Frame: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNVDLE-7JHMG4OnrYC1VOKxMfo6ICX6UvMyM-pWiYqc7TEcwQRyKmBqqNIK-P3tTXbjT9iqhOWDpW12vHm-rk2ZCEQjnMdsm7t1sHK8PN0frVWNmuWAMGOZ7Ez9Lr-Itz3WxZGQKlXva3sH7z2AqZoJlPGr7oaxNk6mtio1r9go8wov7Ld8
Frame ID: D9B0CC7EB887BFE151F4B7F63916ED19
Requests: 5 HTTP requests in this frame

Frame: https://gdetr.hit.gemius.pl/gdejs/xgde.html
Frame ID: F937B2552B0EEC852580C93865B4DB06
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 18E4C94FC05CF1E558A5F9FE8829241A
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 2B9A2005899FC946A5CEB8D04B50D0C9
Requests: 3 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 57D582B355A3597E40B42A628CAB3400
Requests: 9 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html
Frame ID: 4D9917633F8CB8E88727FA24CAB479AB
Requests: 9 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html
Frame ID: 6DD19281923046054B535C89690E99FE
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=7ltSdymmxI&t=1&renderingType=2&ev=01_250
Frame ID: 0D02B9C4FC2D321A5891B2DF215D5E4D
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 8D9CD7D5656B3767ABD11C3FA13ED040
Requests: 3 HTTP requests in this frame

Frame: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=mz3cJ8ll8m&t=1&renderingType=2&ev=01_250
Frame ID: C32EEAF9FBBDD48F1F7CB266A786979C
Requests: 11 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/Enqz_20U.html
Frame ID: 4C4542BC0C25F64BF3D19DD771BAC61D
Requests: 3 HTTP requests in this frame

Frame: https://ls.hit.gemius.pl/lsget.html
Frame ID: 2D92DC7F909CC599B228CB9575F1CC85
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js
Frame ID: 588DE2E3A5ED63D120EF6B05A3D06EAB
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js
Frame ID: A39C2142C3BC0E114F2BFCFF766AA303
Requests: 1 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js
Frame ID: 862C96C10AA0A01C1ADCD15EE67CF3D5
Requests: 1 HTTP requests in this frame

Frame: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
Frame ID: A602365197C02169C329C8EE5776B5A3
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/aframe
Frame ID: 79676319C50D276A1278524682269186
Requests: 2 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/sdkloader/loader.js
Frame ID: 2185F79C5DFCF8D5A769F4F9FEC9D886
Requests: 6 HTTP requests in this frame

Frame: https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html
Frame ID: 7DE5518061DA9AFC711FBB4CAE4FCCAA
Requests: 2 HTTP requests in this frame

Frame: https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js
Frame ID: F19A31B83042573DF6EAB70BC10BEE5F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

/wp-(?:content|includes)/

AdOcean (Advertising) Expand

Overall confidence: 80%
Detected patterns

adocean\.pl

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

DoubleClick Ad Exchange (AdX) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

tpc\.googlesyndication\.com/safeframe

DoubleClick Campaign Manager (DCM) (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

2mdn\.net

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Gemius (Analytics) Expand

Overall confidence: 80%
Detected patterns

hit\.gemius\.pl

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/
2mdn\.net

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

351
Requests

88 %
HTTPS

39 %
IPv6

50
Domains

80
Subdomains

57
IPs

10
Countries

11452 kB
Transfer

21082 kB
Size

35
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 84

https://trgde.adocean.pl/_1689034385232/ad.js?id=xyalWXsETQAadqVh5LCXRVWnXlZNYPrVMqd49pKCGdz.57/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/649563a3e4b07cc95f8808f6?userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&sdr=&et=&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&t=banner&cs=1689034384752&m= HTTP 301
https://trgde.adocean.pl/__/_1689034385232/ad.js?id=xyalWXsETQAadqVh5LCXRVWnXlZNYPrVMqd49pKCGdz.57/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/649563a3e4b07cc95f8808f6?userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&sdr=&et=&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&t=banner&cs=1689034384752&m=

Request Chain 119

https://gcdn.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/639D9B0E6130A10B675D24D7D1AE40FC71AC8216.4C93B737E95F7C192EED8107BBC3B3BA49AEABF7/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-5hnednss.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/64EAC85ACFE466BC953932658E6BF20E3D29784C.0DD243D247E7CE120AB9CF7EAD3562F5AD4F5204/key/cms1/cms_redirect/yes/mh/xb/mip/2a00:c98:2050:a007:2::10/mm/42/mn/sn-5hnednss/ms/onc/mt/1689034117/mv/u/mvi/2/pl/44/file/file.mp4 HTTP 302
https://r2---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0667FD83D57C6DA342DA65FF274DA1C70FCF75C3.24D0216FE11F3EB8AC5E353467C706E3C0412171/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/5a5c0f37f49fa3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689033887/mv/m/mvi/2?file=file.mp4 HTTP 302
https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0667FD83D57C6DA342DA65FF274DA1C70FCF75C3.24D0216FE11F3EB8AC5E353467C706E3C0412171/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/5a5c0f37f49fa3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689033887/mv/m/mvi/2?ir=1&rr=13&file=file.mp4

Request Chain 134

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1

Request Chain 135

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKyekeb2HoFaDortVPyq7QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1

Request Chain 136

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOLyMwrBbmRo5emRqDF3lm0&google_cver=1

Request Chain 137

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 307
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D

Request Chain 170

https://gcdn.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/194C4B7E9FBA60F530EC33AB0E993B65F603A09F.37132D73D33E640CB650D3C1250563974B153548/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-5hnednss.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/7655058332348DB3C8A0570AA56BB35E78EC402A.292BB8FB1D96EC190A44CA0178BF87CEDBE40EAF/key/cms1/cms_redirect/yes/mh/xb/mip/2a00:c98:2050:a007:2::10/mm/42/mn/sn-5hnednss/ms/onc/mt/1689033291/mv/u/mvi/2/pl/44/file/file.mp4 HTTP 302
https://r2---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/267C59352FE2F4465A0B37E9253F3B787CEBD15D.65FBE80268726D0557996F8BB9AADC2FCEA2D445/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/af8bb9bb30f7a3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689034128/mv/m/mvi/2?file=file.mp4 HTTP 302
https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/267C59352FE2F4465A0B37E9253F3B787CEBD15D.65FBE80268726D0557996F8BB9AADC2FCEA2D445/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/af8bb9bb30f7a3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689034128/mv/m/mvi/2?ir=1&rr=13&file=file.mp4

Request Chain 172

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1

Request Chain 173

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKyekeb2HoFaDortVPyq7QAA HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1

Request Chain 174

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm HTTP 302
https://ib.adnxs.com/setuid?entity=101&code=CAESEOLyMwrBbmRo5emRqDF3lm0&google_cver=1

Request Chain 175

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC} HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D

Request Chain 193

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAtMU9AFtZBzfGawITXPgrQ&google_cver=1&google_push=AaAOQGEw0Zwo5xUHvFPtQxoC2Wih57IA8wW342vacqZLOnmcufAGHt1rridLL4sFhOqkfofdpsWf3rNOvamsd-zRGWwyiLMjwP1N HTTP 302
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAtMU9AFtZBzfGawITXPgrQ&google_cver=1&google_push=AaAOQGEw0Zwo5xUHvFPtQxoC2Wih57IA8wW342vacqZLOnmcufAGHt1rridLL4sFhOqkfofdpsWf3rNOvamsd-zRGWwyiLMjwP1N HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WmpsTFVVcUwxUWoxMDY1&google_gid=CAESEAtMU9AFtZBzfGawITXPgrQ&google_cver=1&google_push=AaAOQGEw0Zwo5xUHvFPtQxoC2Wih57IA8wW342vacqZLOnmcufAGHt1rridLL4sFhOqkfofdpsWf3rNOvamsd-zRGWwyiLMjwP1N

Request Chain 194

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEI9Is3NjdgivTPndI9Q5GlY&google_cver=1&google_push=AaAOQGHfWr7pgPf-8T79MPcl_eb2e_Eb3N-KXsEXhvyS2CO_OPM6Rbpx34cS9Ys5Zrtvw0nqvqnVRRx0ARf4ZBlS3E48r0Nt-5SE HTTP 302
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEI9Is3NjdgivTPndI9Q5GlY&google_cver=1&google_push=AaAOQGHfWr7pgPf-8T79MPcl_eb2e_Eb3N-KXsEXhvyS2CO_OPM6Rbpx34cS9Ys5Zrtvw0nqvqnVRRx0ARf4ZBlS3E48r0Nt-5SE HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzgxNjY0MjQxOTQ3NDc1NzM5OA&google_push=AaAOQGHfWr7pgPf-8T79MPcl_eb2e_Eb3N-KXsEXhvyS2CO_OPM6Rbpx34cS9Ys5Zrtvw0nqvqnVRRx0ARf4ZBlS3E48r0Nt-5SE

Request Chain 196

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEA_VanDTsEnDXEuZkFuQdBg&google_cver=1&google_push=AaAOQGGwpyVzkH-JVjMDcaU4zWNUtPo5LtnfqnTJ6EPSrMoCzYCQmW7d-8IdPgA-a_BsQnRjHtf0dkqHv95Ne9OgSuuXmo3My4jv HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGwpyVzkH-JVjMDcaU4zWNUtPo5LtnfqnTJ6EPSrMoCzYCQmW7d-8IdPgA-a_BsQnRjHtf0dkqHv95Ne9OgSuuXmo3My4jv

Request Chain 197

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESED7h95GuNTJZOHHs5bnJd1k&google_cver=1&google_push=AaAOQGHhUN88hig1Tct29CWXWNmYI5NcqoH1YP5P8gdYoY2OZm1F900qIu4H1MnKLxS5Y_YqR6-Hb13b8_R5hgciJXSsJtWkozAw_Q HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGHhUN88hig1Tct29CWXWNmYI5NcqoH1YP5P8gdYoY2OZm1F900qIu4H1MnKLxS5Y_YqR6-Hb13b8_R5hgciJXSsJtWkozAw_Q HTTP 302
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

Request Chain 198

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEC_vP_Gl1-s10hdSQ8ekiKs&google_cver=1&google_push=AaAOQGGJ-kh0vIX0sGAQQDXDrw6S8S3JChC7bFHUzfJkSYt7NCkAVjlA_iUIrOOxeiski3ELjadKM2jIigw1qhAvTHzOHP0WQP6trA HTTP 302
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEC_vP_Gl1-s10hdSQ8ekiKs&google_cver=1&google_push=AaAOQGGJ-kh0vIX0sGAQQDXDrw6S8S3JChC7bFHUzfJkSYt7NCkAVjlA_iUIrOOxeiski3ELjadKM2jIigw1qhAvTHzOHP0WQP6trA HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=04abd9ed-8d5b-4f63-9067-dbbbaea3fc35&%%GOOGLE_PUSH_PAIR%%

Request Chain 205

https://gcdn.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signature/2132FAA019EA50FE47244177F7A0223964B1A89A.6FF8421559640A8EDB5E2431D70CA34BB1A36ABB/key/ck2/file/file.mp4 HTTP 302
https://r2---sn-5hnednss.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/05F8AE227AB7B5D3507DAD0FB8B61BA9BEF41E48.74FF835D2D5F52908AD61DFA03B13EFF11898782/key/cms1/cms_redirect/yes/mh/xb/mip/2a00:c98:2050:a007:2::10/mm/42/mn/sn-5hnednss/ms/onc/mt/1689034117/mv/u/mvi/2/pl/44/file/file.mp4 HTTP 302
https://r2---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5329750CF93E46D188B111E9D361184515D2B31E.7A800ACFD69E4A198EF969D2C4B75F39D30DB936/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/e042ee55e0ea3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689034128/mv/m/mvi/2?file=file.mp4 HTTP 302
https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5329750CF93E46D188B111E9D361184515D2B31E.7A800ACFD69E4A198EF969D2C4B75F39D30DB936/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/e042ee55e0ea3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689034128/mv/m/mvi/2?ir=1&rr=13&file=file.mp4

Request Chain 213

https://ads.travelaudience.com/google_pixel?google_gid=CAESEKTCT0TzSsY1TFGd2JG4tpo&google_cver=1&google_push=AaAOQGGIEE3kIh5-gaadjHg9cJMgMe8WTAmMHYQ6CnQ5ewbjtw0j8uy6Vh1635IHndsMLHiRFmGENe2jXhbghKx7UliqnnOkRRLi HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=eMOT3u4aRSea0Za3UmO8Nw2&google_push=AaAOQGGIEE3kIh5-gaadjHg9cJMgMe8WTAmMHYQ6CnQ5ewbjtw0j8uy6Vh1635IHndsMLHiRFmGENe2jXhbghKx7UliqnnOkRRLi

Request Chain 214

https://d5p.de17a.com/cookies/google?google_gid=CAESEDcrMTBbGBP9HnyggifbQtw&google_cver=1&google_push=AaAOQGH8-YNih_VJAi-OIIMpDK2lIJbxjGWOgYX4eOAEnsgLhllqcd1vJn4ITIgfPJ-fcfe06JdYOiilYvq0S2jtwYxpwJkTSjc HTTP 302
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEDcrMTBbGBP9HnyggifbQtw&google_cver=1&google_push=AaAOQGH8-YNih_VJAi-OIIMpDK2lIJbxjGWOgYX4eOAEnsgLhllqcd1vJn4ITIgfPJ-fcfe06JdYOiilYvq0S2jtwYxpwJkTSjc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGH8-YNih_VJAi-OIIMpDK2lIJbxjGWOgYX4eOAEnsgLhllqcd1vJn4ITIgfPJ-fcfe06JdYOiilYvq0S2jtwYxpwJkTSjc

Request Chain 215

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELsKwTwpVuwQlYWDGXztfEQ&google_cver=1&google_push=AaAOQGEwTZiaGU_-d5WTkydKe_wz-raZ4Sj07oO_tzmoqKN9wzDlr6sF6tHGVVRFYWVMmqbzO1uU4YG5OGWMHY2gTBNXWvbzha8K HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzgxNjY0MjQxOTQ3NDc1NzM5OA&google_push=AaAOQGEwTZiaGU_-d5WTkydKe_wz-raZ4Sj07oO_tzmoqKN9wzDlr6sF6tHGVVRFYWVMmqbzO1uU4YG5OGWMHY2gTBNXWvbzha8K

Request Chain 216

https://match.360yield.com/match/ebda?google_gid=CAESEMgIrTJacYSAWywn6GgYtok&google_cver=1&google_push=AaAOQGE_6d9EMYuaNAbS5EIkyl4uch7AHrPzHzRwWzqiptSXAv_KmCsUbKkFmWR9ZxaynWtz5VRWofsbsSYAcwZt7ZeRmZCsJmfJ HTTP 302
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEMgIrTJacYSAWywn6GgYtok&google_cver=1&google_push=AaAOQGE_6d9EMYuaNAbS5EIkyl4uch7AHrPzHzRwWzqiptSXAv_KmCsUbKkFmWR9ZxaynWtz5VRWofsbsSYAcwZt7ZeRmZCsJmfJ HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8ZbcYD6uQN2a_muznwL-wQ&google_push=AaAOQGE_6d9EMYuaNAbS5EIkyl4uch7AHrPzHzRwWzqiptSXAv_KmCsUbKkFmWR9ZxaynWtz5VRWofsbsSYAcwZt7ZeRmZCsJmfJ

Request Chain 217

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEDJT0SXO4gDchqpS9TMASOk&google_cver=1&google_push=AaAOQGE3zc5wkam6cviZsK29iDmGayHAjdVPVgDykCfY1qcSQE5rQI3jzVJUnr845_frfNOLY3J3ZJT8ceLGO4B6X1BvbzXYRGdz HTTP 302
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGE3zc5wkam6cviZsK29iDmGayHAjdVPVgDykCfY1qcSQE5rQI3jzVJUnr845_frfNOLY3J3ZJT8ceLGO4B6X1BvbzXYRGdz&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&cb=1689034386204 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-c216d8d2-2261-4913-8913-294d151b4c55-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGE3zc5wkam6cviZsK29iDmGayHAjdVPVgDykCfY1qcSQE5rQI3jzVJUnr845_frfNOLY3J3ZJT8ceLGO4B6X1BvbzXYRGdz%26google_hm%3DA8IW2NIiYUkTiRMpTRUbTFU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGE3zc5wkam6cviZsK29iDmGayHAjdVPVgDykCfY1qcSQE5rQI3jzVJUnr845_frfNOLY3J3ZJT8ceLGO4B6X1BvbzXYRGdz&google_hm=A8IW2NIiYUkTiRMpTRUbTFU

Request Chain 219

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEGU23QZgaZUGDk5Tkrh8I_s&google_cver=1&google_push=AaAOQGEZUs7SqgZRo8zSA7W0-rJmJaI_Q1sqwY45tXFHQ0NIz883TeyGLZHgvUrifkj5P1eZlc2s6ji6wrZI2aCSQ_sxv-RHUT7x HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D&google_gid=CAESEGU23QZgaZUGDk5Tkrh8I_s&google_cver=1&google_push=AaAOQGEZUs7SqgZRo8zSA7W0-rJmJaI_Q1sqwY45tXFHQ0NIz883TeyGLZHgvUrifkj5P1eZlc2s6ji6wrZI2aCSQ_sxv-RHUT7x

Request Chain 228

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEMrkojG-lnEGzKid7-_3GBI&google_cver=1&google_push=AaAOQGHml8H5_5uH2fRleXbGDcJLQ8LzBNJg-nndUEmtC3yV4st1SwRQdTk8VisdluaGx91YTWOULBrge-sI0hmw5jZCrBHESfYo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WmpsTFVVcUwxUWoxMDY1&google_gid=CAESEMrkojG-lnEGzKid7-_3GBI&google_cver=1&google_push=AaAOQGHml8H5_5uH2fRleXbGDcJLQ8LzBNJg-nndUEmtC3yV4st1SwRQdTk8VisdluaGx91YTWOULBrge-sI0hmw5jZCrBHESfYo

Request Chain 229

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHgvgwspMi9cJ9kkXvn8WA4&google_cver=1&google_push=AaAOQGGXx4A-3Ik-spXeleBaO2QtPmWAlMUN7icIKYXLJaFf4hAIHCr1fI00QjiJxpPEtSbmXYbZBBteHEcZhgaiTryNBYNl7Ahd HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGGXx4A-3Ik-spXeleBaO2QtPmWAlMUN7icIKYXLJaFf4hAIHCr1fI00QjiJxpPEtSbmXYbZBBteHEcZhgaiTryNBYNl7Ahd&google_hm=spRmZJbHTr6R_eIhlQfJZB4

Request Chain 230

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG2EP8hPtQMxBsqynsyBJr8&google_cver=1&google_push=AaAOQGEZbxaUHpWZYLjeZIYGSpJIlOU0Qivfq-sXEbAVjBdwB5V_X026gS7atYJG3iaUGt30rop-KQhOptx9CtVLPW71BsaBFHRU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpYSkdQRjEtMTMtNk5PQg==&google_push=AaAOQGEZbxaUHpWZYLjeZIYGSpJIlOU0Qivfq-sXEbAVjBdwB5V_X026gS7atYJG3iaUGt30rop-KQhOptx9CtVLPW71BsaBFHRU

Request Chain 231

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEA-yofxukj8SE4lPY5e3Qbs&google_cver=1&google_push=AaAOQGGyrBJYmsTTq3yymZkf485Gatab8xAAeEVq1dlGrtmECGjuErew-4a2tYRLhv5mzCZc_a_HvVOusr2Kb8EM2U8aqufdQ3E HTTP 302
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEA-yofxukj8SE4lPY5e3Qbs&google_hm=ZKyekeb2HoFaDortVPyq7QAADMAAAAAB&google_nid=index&google_push=AaAOQGGyrBJYmsTTq3yymZkf485Gatab8xAAeEVq1dlGrtmECGjuErew-4a2tYRLhv5mzCZc_a_HvVOusr2Kb8EM2U8aqufdQ3E

Request Chain 232

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEKOe5D6EzrWh6HjTsZdsH3A&google_cver=1&google_push=AaAOQGEpJ32YS0TbgkCvJBToDN1QeO67XRDauosJP3bp6NZOyX5RxetryJPTcoKY1cYAZeCxmtmyHsRkcY1a_tAJ_eli18Sj03zaqw HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEpJ32YS0TbgkCvJBToDN1QeO67XRDauosJP3bp6NZOyX5RxetryJPTcoKY1cYAZeCxmtmyHsRkcY1a_tAJ_eli18Sj03zaqw HTTP 302
https://onetag-sys.com/match/?int_id=19&google_error=5

Request Chain 233

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEF-FXzjsoOzTVY-lIf-ux14&google_cver=1&google_push=AaAOQGGHR-kNSA0KgQkEUbbCVaZdk3NggbTXryRUFfCj5MUHOG3vnylIQ2Wcf2PZhE5OGeOIRzXbCEcrpoHwm08Ulg68o4IHkmMt1g HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D&google_gid=CAESEF-FXzjsoOzTVY-lIf-ux14&google_cver=1&google_push=AaAOQGGHR-kNSA0KgQkEUbbCVaZdk3NggbTXryRUFfCj5MUHOG3vnylIQ2Wcf2PZhE5OGeOIRzXbCEcrpoHwm08Ulg68o4IHkmMt1g

Request Chain 234

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEN1GzKaytlklleLXIp3X8Ac&google_cver=1&google_push=AaAOQGGnea4fHUseRmqaVinJSZaSnRDdcNFa860RWzPnFzrVUw9ydEKFsZsARo3AxADT0vwBtkELcnxSF6KnYKYysx9ealESlTHgug HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=04abd9ed-8d5b-4f63-9067-dbbbaea3fc35&%%GOOGLE_PUSH_PAIR%%

Request Chain 243

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEO0ZFpf-_hpsXZzkVZGlRJ8&google_cver=1&google_push=AaAOQGFmHvIOBhCXRjy4vHnkdXqV9z_6QLyC9FV-SromdFJ6x0hrzD8Ei8CgZ9yGh4uSKQBFtqNqsRBcItaR0x510n1oFizl0IqV HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WmpsTFVVcUwxUWoxMDY1&google_gid=CAESEO0ZFpf-_hpsXZzkVZGlRJ8&google_cver=1&google_push=AaAOQGFmHvIOBhCXRjy4vHnkdXqV9z_6QLyC9FV-SromdFJ6x0hrzD8Ei8CgZ9yGh4uSKQBFtqNqsRBcItaR0x510n1oFizl0IqV

Request Chain 245

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESECgEnQ_KKdb0uYbqjX1NqiU&google_cver=1&google_push=AaAOQGEKWVy2Isty2T1sCm-pQJ9tcjfL_kLGDf0djIKC0EaMrdno0zEjhqe3flORi6U3PY4nu80SxmrNgtGbsBA9yzCi1mAv88_9 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1NDM0NzQ0OTY5Njk3NDk5Mg%3D%3D&google_push=AaAOQGEKWVy2Isty2T1sCm-pQJ9tcjfL_kLGDf0djIKC0EaMrdno0zEjhqe3flORi6U3PY4nu80SxmrNgtGbsBA9yzCi1mAv88_9

Request Chain 246

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEJKj_4hsiZtaDJTbcC5J_VI&google_cver=1&google_push=AaAOQGH-v7OVuUXWBLbL9zX_qDsTbN6f-BPADvIva2he2ogwNyNMQLCnkzFpcEBSEAOJPKWBT1nCG3KEEU0Zq3VbeZZV-tW9Op2l HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGH-v7OVuUXWBLbL9zX_qDsTbN6f-BPADvIva2he2ogwNyNMQLCnkzFpcEBSEAOJPKWBT1nCG3KEEU0Zq3VbeZZV-tW9Op2l&google_hm=eS1Wb1c0SHdKRTJwRjVoRUdlWXZqZ2VCV0llUE9PN1F4Vn5B

Request Chain 247

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEEoUrJaNxSk6Q9O42Q9N5X4&google_cver=1&google_push=AaAOQGF5mZsHQbB6PXkeQH3jLLlbXS7fUxYPB21eAln-DLzTQ43MLeJXqTQeSc-FJY0C9lZ9RSzUHZKmDhJCthRUAS3chdnWIuT5 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-c216d8d2-2261-4913-8913-294d151b4c55-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGF5mZsHQbB6PXkeQH3jLLlbXS7fUxYPB21eAln-DLzTQ43MLeJXqTQeSc-FJY0C9lZ9RSzUHZKmDhJCthRUAS3chdnWIuT5%26google_hm%3DA8IW2NIiYUkTiRMpTRUbTFU HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGF5mZsHQbB6PXkeQH3jLLlbXS7fUxYPB21eAln-DLzTQ43MLeJXqTQeSc-FJY0C9lZ9RSzUHZKmDhJCthRUAS3chdnWIuT5&google_hm=A8IW2NIiYUkTiRMpTRUbTFU

Request Chain 248

https://sync.inmobi.com/gob?google_gid=CAESEIJamB1eFOgKX1viWuvislg&google_cver=1&google_push=AaAOQGGCK1RXNdUlp8eoShchERiKdIt8NUwxUJf8BUcOm4c4Arr6lMsWpkxP5qDK2DBT8_mVm5cMp55ugDT1f2G85JZ5vK6iVAm- HTTP 302
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGGCK1RXNdUlp8eoShchERiKdIt8NUwxUJf8BUcOm4c4Arr6lMsWpkxP5qDK2DBT8_mVm5cMp55ugDT1f2G85JZ5vK6iVAm-

Request Chain 249

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEOClJLjZNWRuhU8WH4Q1in8&google_cver=1&google_push=AaAOQGG4O2zIILcaO-lVmzUGrv9yNxpwiWE_b8rdp7pmrsiRvGlO5lwDmpN2OoiW2E-1WDScyR2NoaGiN-PjrH3SGcTz0Qr1rxG-0A HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=04abd9ed-8d5b-4f63-9067-dbbbaea3fc35&%%GOOGLE_PUSH_PAIR%%

Request Chain 261

https://istr.izlesene.com/data/videos/10710/10710800-480_2-170k.mp4?token=WrNYJ7w2eSPis-tmRVFyXA&ts=1689124386&playername=npm_nefisyemektarifleri HTTP 302
https://istr-n23.nktcdn.com/data/videos/10710/10710800-480_2-170k.mp4?playername=npm_nefisyemektarifleri&token=bjraxpsNtm8-B44cid7d3w&ts=1689120786

Request Chain 276

https://gdetr.hit.gemius.pl/_1689034386886/redot.js?id=BbORifATbClkExxkwBmocJagYwTFqRHtZ278l_0BjM3.O7/fastid=bbudzftinuomyhbaszefxbqhxglp/stparam=lejjipkovr&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D%7C&extra=ls%3D1%7Ctpb%3D1%7Cifr%3D1%7Cifrv%3D98%7Cifrw%3D970%7Cifrh%3D250%7Cxref%3Dhttps%3A%2F%2Fpcloak.blob.core.windows.net%7Ctq%3D1%7Chct%3D1033&lsdata=YZt6w34J8OgdQ4oUC53cB8FHQNIZcdfCwohSa28tvi3.I7FuvmugkvLJmIfVv5xoQfL7fG1Q6TulSc7XyEmzBeyboSN_/MeErWB4c8FXzo/&href=https%3A%2F%2Fng2.virgul.com%2Fadview%3Fa%3D649563a3e4b07cc95f8808f6%26r%3D153183%40site_geneli%40nefisyemektarifleri%3Asite_geneli%26l%3D%26ext%3D%252Cas%252Crc0%252Chf1%252Cvv1%252Cgpnyt%253D1%2526video%253D1%2526rec%253Dbakliyat-yemekleri%2526rec_ing%253Ddomates%2Bsal%25C3%25A7as%25C4%25B1%2540karabiber%2540kuru%2Bso%25C4%259Fan%2540nohut%2540pul%2Bbiber%2540s%25C4%25B1v%25C4%25B1%2Bya%25C4%259F%2540sivri%2Bbiber%2540su%2540tuz%2526nyt_cat%253Dpost%26info%3D%26cs%3D1689034384412%26mt%3D1689034384322%26userId%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26vmn%3D649563a3e4b07cc95f8808f6___153183-375847772&ref=https%3A%2F%2Fwww.nefisyemektarifleri.com%2F HTTP 301
https://gdetr.hit.gemius.pl/__/_1689034386886/redot.js?id=BbORifATbClkExxkwBmocJagYwTFqRHtZ278l_0BjM3.O7/fastid=bbudzftinuomyhbaszefxbqhxglp/stparam=lejjipkovr&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D%7C&extra=ls%3D1%7Ctpb%3D1%7Cifr%3D1%7Cifrv%3D98%7Cifrw%3D970%7Cifrh%3D250%7Cxref%3Dhttps%3A%2F%2Fpcloak.blob.core.windows.net%7Ctq%3D1%7Chct%3D1033&lsdata=YZt6w34J8OgdQ4oUC53cB8FHQNIZcdfCwohSa28tvi3.I7FuvmugkvLJmIfVv5xoQfL7fG1Q6TulSc7XyEmzBeyboSN_/MeErWB4c8FXzo/&href=https%3A%2F%2Fng2.virgul.com%2Fadview%3Fa%3D649563a3e4b07cc95f8808f6%26r%3D153183%40site_geneli%40nefisyemektarifleri%3Asite_geneli%26l%3D%26ext%3D%252Cas%252Crc0%252Chf1%252Cvv1%252Cgpnyt%253D1%2526video%253D1%2526rec%253Dbakliyat-yemekleri%2526rec_ing%253Ddomates%2Bsal%25C3%25A7as%25C4%25B1%2540karabiber%2540kuru%2Bso%25C4%259Fan%2540nohut%2540pul%2Bbiber%2540s%25C4%25B1v%25C4%25B1%2Bya%25C4%259F%2540sivri%2Bbiber%2540su%2540tuz%2526nyt_cat%253Dpost%26info%3D%26cs%3D1689034384412%26mt%3D1689034384322%26userId%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26vmn%3D649563a3e4b07cc95f8808f6___153183-375847772&ref=https%3A%2F%2Fwww.nefisyemektarifleri.com%2F

Request Chain 335

https://samsungturkey.demdex.net/event?c_source=desktop&c_url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&c_site=nefisyemektarifleri&c_title=Etsiz%20Nohut%20Yeme%C4%9Fi%20-%20Nefis%20Yemek%20Tarifleri%20-%20%23248941&c_category=kategori&c_subcategory=&c_day=tuesday&c_time=midnight HTTP 302
https://samsungturkey.demdex.net/firstevent?c_source=desktop&c_url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&c_site=nefisyemektarifleri&c_title=Etsiz%20Nohut%20Yeme%C4%9Fi%20-%20Nefis%20Yemek%20Tarifleri%20-%20%23248941&c_category=kategori&c_subcategory=&c_day=tuesday&c_time=midnight

Request Chain 336

https://unilever.demdex.net/event?d_sid=25454185&cs=1689034388950 HTTP 302
https://unilever.demdex.net/firstevent?d_sid=25454185&cs=1689034388950

351 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request 6x67420x0229.html Show response
pcloak.blob.core.windows.net/web/ 1 KB
2 KB 450ms
102ms Document
text/html 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: add347e23d6d68d50f456f663e081078bf03026f868ca4aa31e6b0f8f5354e01

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Content-Length: 1321
Content-MD5: 4ybI82/2lfG6TucYWk+Hdw==
Content-Type: text/html
Date: Tue, 11 Jul 2023 00:13:02 GMT
ETag: 0x8DB5ED054FF7A83
Last-Modified: Sat, 27 May 2023 16:35:07 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
x-ms-blob-type: BlockBlob
x-ms-lease-status: unlocked
x-ms-request-id: e5a120c5-e01e-0036-5c8c-b3cf7d000000
x-ms-version: 2009-09-19

GET
H/1.1 404
The specified blob does not exist. jquery.min.js
pcloak.blob.core.windows.net/web/ 0
0 94ms
94ms Script
application/xml 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/jquery.min.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-request-id: e5a12116-e01e-0036-228c-b3cf7d000000
Date: Tue, 11 Jul 2023 00:13:02 GMT
x-ms-version: 2009-09-19
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-Length: 215
Content-Type: application/xml

GET
H/1.1 200
OK cloakan.js Show response
pcloak.blob.core.windows.net/web/ 308 B
717 B 289ms
97ms Script
text/javascript 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: 4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 11 Jul 2023 00:13:02 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: zPiKctHo6j8i1UGOFPpInw==
ETag: 0x8DA4D4A263C11C2
Content-Type: text/javascript
x-ms-request-id: e5a121ce-e01e-0036-448c-b3cf7d000000
x-ms-version: 2009-09-19
Content-Length: 308

GET
H/1.1 200
OK style.css
pcloak.blob.core.windows.net/web/ 166 B
568 B 191ms
97ms Stylesheet
text/css 20.60.220.36
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://pcloak.blob.core.windows.net/web/style.css
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.60.220.36 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash: cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Tue, 11 Jul 2023 00:13:02 GMT
Last-Modified: Mon, 13 Jun 2022 14:36:49 GMT
Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5: 9ruAIrm4XHnQO3/sM8J0AQ==
ETag: 0x8DA4D4A26527CA0
Content-Type: text/css
x-ms-request-id: e5a1216b-e01e-0036-6a8c-b3cf7d000000
x-ms-version: 2009-09-19
Content-Length: 166

GET
H2 200 px.php Show response
www.cloakan.co/ 55 B
321 B 349ms
171ms XHR
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/px.php?id=6x67420x0229
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: a9f55a9e4658a9960455f9485c446ea9874f2590ae283801311d84e908536cc2

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:00 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
access-control-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 45

GET
H2 200 nv.php Show response
www.cloakan.co/ 275 B
421 B 225ms
117ms Script
text/html 77.245.159.14
NIOBEBILISIMHIZME...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.cloakan.co/nv.php?id=6x67420x0229-m
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/cloakan.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 77.245.159.14 , Turkey, ASN42868 (NIOBEBILISIMHIZMETLERI, TR),
Reverse DNS: stilgar.wlsrv.com
Software: LiteSpeed / PHP/7.3.33
Resource Hash: 64bba7358df0b70cff3572ee3e5a2eee51ae741c86167cd529bc7af0e15682a6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pcloak.blob.core.windows.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:00 GMT
content-encoding: br
server: LiteSpeed
x-powered-by: PHP/7.3.33
vary: Accept-Encoding,User-Agent
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="43,46", h3-Q043=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-25=":443"; ma=2592000, h3-27=":443"; ma=2592000
content-length: 147

GET
H2 200 / Show response
www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/ Frame 2C63 289 KB
44 KB 104ms
57ms Document
text/html 2606:4700:10::6814:e66f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Requested by

Host: www.cloakan.co
URL: https://www.cloakan.co/nv.php?id=6x67420x0229-m

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:e66f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b477d5d25a590bf57853442c91c9c3ebca25dbd25df8f03402c09bbd6812afcc

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pcloak.blob.core.windows.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 15177
cf-cache-status: DYNAMIC
cf-ray: 7e4cd6a2dedd0e37-AMS
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 11 Jul 2023 00:13:03 GMT
last-modified: Mon, 10 Jul 2023 20:00:05 GMT
server: cloudflare
x-amp: no
x-cache: HIT
x-device: nmobile
x-xss-protection: 1; mode=block

GET
H2 200 icon-set.ttf
mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/fonts/ Frame 2C63 22 KB
22 KB 71ms
21ms Font
application/octet-stream 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/fonts/icon-set.ttf?v=20210129

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

886a2ff3ff2a76e50d8387582d03539c71d06dbd4314cd8cc955ea08b5cf752f

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nefisyemektarifleri.com/
Origin: https://www.nefisyemektarifleri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 4033
alt-svc: h3=":443"; ma=86400
content-length: 22084
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:39 GMT
server: cloudflare
etag: "623c12a3-5644"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ay0%2FhYRJi93PhE561thG%2FfWNyUBuU3XftehLCtj2JvDvE9hjv3UyP3548Lco6tcaL8HMVJaa%2BtTwWDLgiD9K9yMnC3hdLeDfv97fOzknBM0ulkUvjkHWnLw3mpKFbKY%2B%2Fn5RAfB8fgzdG1Nj"}],"group":"cf-nel","max_age":604800}
x-varnish: 806510473 781570431
content-type: application/octet-stream
access-control-allow-origin: *
x-abc: local
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7e4cd6a399c8b91a-AMS
x-nyt-cache: hit cached

GET
H2 200 single-recipe.css
mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/css/ Frame 2C63 161 KB
28 KB 76ms
27ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/css/single-recipe.css?1680961699

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0fd0e821ef47075614e9500f81f2077fef9be630b5a63bd40a10b7922026aed7

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:03 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6148
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Fri, 24 Mar 2023 10:00:42 GMT
server: cloudflare
etag: W/"641d74ca-28302"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ox%2FoeQzf0HwZFa6DMrsY2B8YzEwFK8K%2FGdAb5oXiMU0nesnSewCijdDK3y3L2Ujpa50Lm4SDc%2FKo2MLJyROp%2BQdYAwKxNM5aRmnZS5G7Mr%2B1x2czve1W3eWeXDUwboZYKrP0Pxz2uZlWK2Oo"}],"group":"cf-nel","max_age":604800}
x-varnish: 908378079 908153339
content-type: text/css
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=14400
cf-ray: 7e4cd6a3985db8e4-AMS
x-nyt-cache: hit cached

GET
H2 200 single-vendor.css
mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/css/ Frame 2C63 189 KB
30 KB 71ms
22ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/css/single-vendor.css?1687242409

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38312b284a104dfa32e4ecfe73f542a66e04fb259e9bcd5e581e45bdeb677487

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:03 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 6148
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Jun 2023 06:26:15 GMT
server: cloudflare
etag: W/"64914687-2f326"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BvcXDE1i7Q5twf5HVgqpfVG9uGDs6JF7eHn4B7oJgRhql%2BIIR8uyTTq4Cmp%2FRb9CspD0QOmhzSfdLwa6Dr2HvwIsITRYpeEvjGpVhXLVFTST7SBVsHkZX5xv8GQsYaQbgivPUblvCrIf1AAI"}],"group":"cf-nel","max_age":604800}
x-varnish: 204515586 204392002
content-type: text/css
access-control-allow-origin: *
x-abc: local
cache-control: max-age=14400
cf-ray: 7e4cd6a3985eb8e4-AMS
x-nyt-cache: hit cached

GET
H2 200 1x1.gif
mn.nytcdn.com/wp-content/ Frame 2C63 42 B
398 B 19ms
19ms Image
image/gif 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mn.nytcdn.com/wp-content/1x1.gif

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5890
alt-svc: h3=":443"; ma=86400
content-length: 42
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:37 GMT
server: cloudflare
etag: "623c12a1-2a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TDxyFOkaWlm8LIV34OOqwXpWghyABJ9gCWL3auuDrnxQouC3RkDblqhXf3CmxA5c435Z%2FetivfFQN%2FDCLiNDakspGmhxFO2D0yvUS2qOGjSgqqv1n4I8U%2FC95KNZVtSmntSpXQo%2Fk7NuhTYm"}],"group":"cf-nel","max_age":604800}
x-varnish: 806482750 788464966
content-type: image/gif
access-control-allow-origin: *
x-abc: local
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7e4cd6a3c87db8e4-AMS
x-nyt-cache: hit cached

GET
H2 200 profilo-tab-logo.png
i.nefisyemektarifleri.com/2022/01/06/ Frame 2C63 4 KB
4 KB 57ms
12ms Image
image/png 31.3.2.79
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.nefisyemektarifleri.com/2022/01/06/profilo-tab-logo.png

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.79 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-236 /

Resource Hash

4621960c2ce01b405da6b6652f322bd8904f3e0d867daf7db9dd5d5ad6cc6491

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Wed, 10 Jul 2024 00:13:04 GMT
date: Tue, 11 Jul 2023 00:13:04 GMT
age: 12344
x-edge-location: DE-372
x-cache-status: Edge : HIT,
content-length: 4162
x-xss-protection: 1; mode=block
last-modified: Thu, 06 Jan 2022 13:11:21 GMT
server: MNCDN-236
x-mnrequest-id: 4bb1580f31653f61552577eb29f9d97a
x-varnish: 743064697 742473178
content-type: image/png
access-control-allow-origin: *
x-abc: local
cache-control: max-age=31536000
accept-ranges: bytes
x-mserver: 2216
x-nyt-cache: hit cached

GET
H2 200 etsiz-nohut-yemegi-5.jpg
i.nefisyemektarifleri.com/2022/08/31/ Frame 2C63 101 KB
102 KB 41ms
13ms Image
image/jpeg 31.3.2.79
MEDIANOVA-CDN

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i.nefisyemektarifleri.com/2022/08/31/etsiz-nohut-yemegi-5.jpg

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

31.3.2.79 Frankfurt am Main, Germany, ASN21245 (MEDIANOVA-CDN, TR),

Reverse DNS

Software

MNCDN-236 /

Resource Hash

cde2d86c6323204b3e715d09b58ab41ecf370b5a10cb1d61fa76b77e0a0a75c0

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Wed, 10 Jul 2024 00:13:04 GMT
date: Tue, 11 Jul 2023 00:13:04 GMT
age: 513
x-edge-location: DE-372
x-cache-status: Edge : HIT,
x-cache: X-MISS
content-length: 103705
x-bn: default
x-xss-protection: 1; mode=block
last-modified: Wed, 31 Aug 2022 10:31:01 GMT
server: MNCDN-236
x-mnrequest-id: 73230bee7683279cb06b326064a0b9e0
x-varnish: 250859771, 884143075 884140396
content-type: image/jpeg
access-control-allow-origin: *
x-abc: remote
cache-control: max-age=31536000
accept-ranges: bytes
x-mserver: 2137
x-nyt-cache: hit cached

GET
H2 200 xa1555678923-751d43b96920b44a27ba4b25ad85fe3b-bpthumb.jpg
i2.nefisyemektarifleri.com/avatar/2019/04/19/3514/ Frame 2C63 4 KB
4 KB 35ms
26ms Image
image/jpeg 2606:4700:10::6814:e66f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i2.nefisyemektarifleri.com/avatar/2019/04/19/3514/xa1555678923-751d43b96920b44a27ba4b25ad85fe3b-bpthumb.jpg

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:e66f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0757fc98355b7ff4d0bdc506c1ef2aa69aac074686194c2e7690ffdc913035a

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
cf-cache-status: HIT
age: 1602
cf-polished: origSize=4099, status=webp_bigger
content-length: 3656
x-xss-protection: 1; mode=block
cf-bgj: imgq:100,h2pri
last-modified: Fri, 19 Apr 2019 13:02:03 GMT
server: cloudflare
etag: "5cb9c6cb-1003"
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=31536000
x-varnish: 963639170 947879363
accept-ranges: bytes
cf-ray: 7e4cd6a3fff30e37-AMS
x-nyt-cache: hit cached

GET
H2 200 ads.js Show response
mn.nytcdn.com/wp-content/assets/js/ Frame 2C63 24 B
382 B 20ms
19ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-content/assets/js/ads.js

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b6ad08a66b7925e557e069b9c9fcab676f04fbc22535b7b12c0d8eca8d48803

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:03 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 5891
alt-svc: h3=":443"; ma=86400
content-length: 24
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:38 GMT
server: cloudflare
etag: "623c12a2-18"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gjfgpik%2B4d%2B8Nd06LJh4b3mKWikn7bXuHEf2kglpu8emCHB6eCIkXNH5hP2EGHWVk6dfYw%2BedQSxkPqclZIlyJO2093Hk8urCIyRfI3000vzbEsAd81YFl5liAZGa2cIFfFmU%2FjyW9kJxbFU"}],"group":"cf-nel","max_age":604800}
x-varnish: 806222883 780727298
content-type: application/javascript
access-control-allow-origin: *
x-abc: local
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7e4cd6a3e8a6b8e4-AMS
x-nyt-cache: hit cached

GET
H2 200 outside.js Show response
static.virgul.com/theme/mockups/adcode/ Frame 2C63 75 KB
26 KB 199ms
49ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: gzip
last-modified: Fri, 23 Jun 2023 06:55:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=43200

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame 2C63 223 KB
74 KB 58ms
22ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-MFXWLS3

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8d6798011ddff641edf6f9468d9c531234b74654391a5e9aa172547982eaa08e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 74891
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 11 Jul 2023 00:13:04 GMT

GET
H2 200 olan-biten-dark.svg
c.nefisyemektarifleri.com/wp-content/themes/nytheme/dist/assets/img/svg/ Frame 2C63 949 B
547 B 41ms
25ms Image
image/svg+xml 2606:4700:10::6814:e66f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.nefisyemektarifleri.com/wp-content/themes/nytheme/dist/assets/img/svg/olan-biten-dark.svg

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:e66f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f86c74a7863cd1fa2343f0371ccbac47085bdb301f0df1785c5a4337bd044d24

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: br
cf-cache-status: HIT
age: 3331
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:39 GMT
server: cloudflare
etag: W/"623c12a3-3b5"
vary: Accept-Encoding
x-varnish: 768082793 737334775
content-type: image/svg+xml
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=31536000
cf-ray: 7e4cd6a418090e37-AMS
x-nyt-cache: hit cached

GET
H2 200 group(1).svg
c.nefisyemektarifleri.com/wp-content/themes/nytheme/dist/assets/img/svg/ Frame 2C63 4 KB
1 KB 40ms
26ms Image
image/svg+xml 2606:4700:10::6814:e66f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.nefisyemektarifleri.com/wp-content/themes/nytheme/dist/assets/img/svg/group(1).svg

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:e66f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70b9f9cb8f1feda701490e7fa560a0a2e0309ef259f9d74b301c9712e56efa56

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: br
cf-cache-status: HIT
age: 3331
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:39 GMT
server: cloudflare
etag: W/"623c12a3-102c"
vary: Accept-Encoding
x-varnish: 767524861 732798306
content-type: image/svg+xml
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=31536000
cf-ray: 7e4cd6a418080e37-AMS
x-nyt-cache: hit cached

GET
H3 200 script-notlogin.js Show response
mn.nytcdn.com/wp-content/themes/nytheme/ Frame 2C63 290 KB
89 KB 28ms
27ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-content/themes/nytheme/script-notlogin.js?v=1687242409

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bd4d8b7f56b06140ad3542041b66f635d9cbd4e0da6cc7d17a0e16d014aa2498

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2457
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Tue, 20 Jun 2023 06:26:15 GMT
server: cloudflare
etag: W/"64914687-48777"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DZB0dkpXDw%2Bx7dRx7XIQNzSutZ48FL4wtKpzCurRWPl0%2B%2BsBkqZU52lQ%2FIUw1zf0HI2jkzUAdKvQLrBf5%2BCsOHL8Hs246NcV1o2Am%2BmXXtb60s3lWSIQMUh%2F0P5AWtHMqMlZlnoo9mrFWKQA"}],"group":"cf-nel","max_age":604800}
x-varnish: 204516422 204612307
content-type: application/javascript
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=14400
cf-ray: 7e4cd6a4bf840a58-AMS
x-nyt-cache: hit cached

GET
H3 200 red-iconned-v2.png
mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/img/png/ Frame 2C63 6 KB
6 KB 50ms
50ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/img/png/red-iconned-v2.png

Requested by

Host: mn.nytcdn.com
URL: https://mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/css/single-vendor.css?1687242409

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a2ff6717bd218c66ffde415472bdaf58a1384725840a862a466317727eaaab1b

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://mn.nytcdn.com/wp-content/themes/nytheme/dist/assets/css/single-vendor.css?1687242409
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 5986
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:39 GMT
server: cloudflare
etag: "623c12a3-1762"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ayaJ5NmCGy94wNiEhWNBWA8EOBCWo5mIuwxaAUeT2kkZcnHtEwh1u7s3egVn%2BPg6B%2FmJBLw5xb1qGs4Rrbb0S38%2B6NFYpi%2F%2FIAiCEyYW09W%2BxNWxm1k3u8XZ30VTLzYMevhI8Aa5XIwcS5DR"}],"group":"cf-nel","max_age":604800}
x-varnish: 170418830 154419429
content-type: image/png
access-control-allow-origin: *
x-abc: local
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7e4cd6a4cfa90a58-AMS
x-nyt-cache: hit cached

GET
H2 200 analytics.js Show response
www.google-analytics.com/ Frame 2C63 52 KB
21 KB 43ms
14ms Script
text/javascript 2001:4860:4802:36::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFXWLS3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:36::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 10 Jul 2023 22:50:45 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 4939
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 11 Jul 2023 00:50:45 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ Frame 2C63 171 KB
47 KB 35ms
9ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

2da988427b34614d705adbf808e2e61d91f67bf147db9049e34c99b3624171e8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 11 Jul 2023 00:13:04 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 46863
x-xss-protection: 0
pragma: public
x-fb-debug: zNemhRXzC3AZGTMjU90KEB5qBlMS9JLqThYToGq0stmUyH3/8kLTcDcu1Te5mXT16OtpsaVOgLKvB9sKxqYg7Q==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ Frame 2C63 248 KB
84 KB 28ms
28ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WGBDLK44E4&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFXWLS3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7b8b3db8bc93666d3bd03eb5b62d59ade16ef138ee6c1156dbf249516f811997

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 86271
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 11 Jul 2023 00:13:04 GMT

GET
H2 200 gpt.js Show response
securepubads.g.doubleclick.net/tag/js/ Frame 2C63 76 KB
26 KB 100ms
45ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/tag/js/gpt.js

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

91c29ef9b0cf77b5f4864470209f3bce975cf8989cb579d04336f44387c9e6bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 26123
x-xss-protection: 0
server: cafe
etag: 205 / 19549 / 31075835 / config-hash: 18038137322586664424
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=900, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 00:13:04 GMT

GET
H2 200 ads.js Show response
static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ Frame 2C63 120 B
306 B 49ms
48ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/mockups/tracker/imp/collect/adview/ad/ads.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
last-modified: Wed, 21 Dec 2022 18:47:42 GMT
server: openresty/1.15.8.3
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000
accept-ranges: bytes
content-length: 120

GET
H2 200 str.html Show response
static.virgul.com/theme/mockups/outside/ Frame C663 891 B
1 KB 47ms
46ms Document
text/html 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/str.html?v=2
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
cache-control: max-age=5184000
content-length: 891
content-type: text/html
date: Tue, 11 Jul 2023 00:13:04 GMT
last-modified: Wed, 28 Sep 2022 10:07:57 GMT
server: openresty/1.15.8.3

GET
H2 200 adsbygoogle.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame 2C63 145 KB
48 KB 105ms
38ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Requested by

Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

90fe049ee82e8f6eb3e041e7432a77ce287c56dae353f85b1e70204577215c67

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Origin: https://www.nefisyemektarifleri.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 49212
x-xss-protection: 0
server: cafe
etag: 11068249245133407679
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 00:13:04 GMT

GET
H2 200 prebid7.38.0.js Show response
static.virgul.com/theme/mockups/outside/ Frame 2C63 489 KB
182 KB 52ms
51ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/prebid7.38.0.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: gzip
last-modified: Mon, 27 Mar 2023 14:56:06 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 apstag.js Show response
c.amazon-adsystem.com/aax2/ Frame 2C63 236 KB
58 KB 56ms
8ms Script
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/aax2/apstag.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 23:37:57 GMT
content-encoding: gzip
via: 1.1 5743d3ff81b625f69ad8b8e32fc9c412.cloudfront.net (CloudFront), 1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
last-modified: Thu, 29 Jun 2023 21:03:23 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P1, FRA56-P6
age: 2108
x-amz-server-side-encryption: AES256
etag: W/"9352f20e556bff9fea6fd0461aac850d"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: public, max-age=3600
x-amz-cf-id: 7djyveOanYYF0nnx-_d2LG7BkrWKTv7ddEcea9RDckKslv2WmrZmTg==

GET
H2 200 pageview Show response
ng.virgul.com/ Frame 2C63 46 KB
7 KB 144ms
123ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/pageview?c=site_geneli&mt=1689034384322&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=nefisyemektarifleri:site_geneli&userId=&tp=&os=&call=noktaad.ads.vvad&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc0,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.7191275668001056
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: d3709af341a4c3a777ceb714f224ff419e29783a79f18ba9e70cc91494811c82

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-type: application/javascript
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 nefisyemektarifleri.js Show response
static.virgul.com/theme/mockups/fallback/ Frame 2C63 15 KB
3 KB 46ms
46ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/fallback/nefisyemektarifleri.js?dts=19549
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3b9166033e13e81c852194510ca321d03a0f3e0f8196cc84858c874a32a0adf4

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: gzip
last-modified: Tue, 20 Jun 2023 21:45:07 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 hb Show response
ng.virgul.com/ Frame 2C63 60 KB
6 KB 73ms
73ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/hb?call=noktaad.setHbParameters&site=nefisyemektarifleri&dts=469176
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: c427553964bfa608fd869a3665b7c12d4d9a935e147d264f8a094be96e99ec3a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: gzip
server: openresty/1.15.8.3
vary: Accept-Encoding
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-type: application/javascript
cache-control: max-age=3600
access-control-allow-credentials: true

GET
H2 200 1877570159153553 Show response
connect.facebook.net/signals/config/ Frame 2C63 384 KB
109 KB 15ms
11ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1877570159153553?v=2.9.111&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

a883e74d2f7c31294beaf47eb691d0fa07414cc3ef857e53b768960c94f23a31

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Tue, 11 Jul 2023 00:13:04 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 111683
x-xss-protection: 0
pragma: public
x-fb-debug: M7FwatjM7OYsRn4g1PRP6vdoJeKoU59kxNZH0JxJqTEbtOvkc/Of+hse4PhyJAJmXldMZdj62+Kk8RMUGlzVMw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 publisher:getClientId Show response
ampcid.google.com/v1/ Frame 2C63 74 B
448 B 93ms
26ms XHR
application/json 2a00:1450:4001:82b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.com/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94
x-xss-protection: 0

GET
H2 200 empowerwebplayer3.js Show response
static.virgul.com/theme/mockups/outside/ Frame 2C63 10 KB
3 KB 50ms
48ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Requested by: Host: pcloak.blob.core.windows.net
URL: https://pcloak.blob.core.windows.net/web/6x67420x0229.html?fbclid=PAAaae-SdJFaTCe2X2Rz0YQJeaF_cmcYz8_lmUJJDaLttsAGULWuQIAYEIFUc_aem_AWqMemsf4qpLbeZbkZhrgOzXLw4pKQpSKaow2V3Sax-iHPbhThvsND2Me74HsU0i7CvE1WRhY0ku0e2hAZgH8ddB
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: gzip
last-modified: Tue, 13 Jun 2023 13:36:40 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pubads_impl.js Show response
securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/ Frame 2C63 391 KB
125 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/tag/js/gpt.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8187dcb05ebcfc94502aeec0524c23c7d22afbafe17aff1d39acc1d59a3a52db

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 10:36:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 48995
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 127464
x-xss-protection: 0
server: cafe
etag: 4704578582152062329
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
timing-allow-origin: *
expires: Tue, 09 Jul 2024 10:36:29 GMT

GET
H2 204 config Show response
c.amazon-adsystem.com/cdn/prod/ Frame 2C63 0
318 B 9ms
8ms XHR
text/plain 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/cdn/prod/config?src=600&u=https%3A%2F%2Fwww.nefisyemektarifleri.com&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: Server /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 20:38:02 GMT
via: 1.1 bf5c0a6262f04cc4b9a69ef8d737ea96.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
age: 12902
x-cache: Hit from cloudfront
access-control-allow-origin: https://www.nefisyemektarifleri.com
cache-control: max-age=21550, s-maxage=21600
access-control-allow-credentials: true
x-amz-cf-id: 8sL1NaA_uz2tsu_z2k1U2KgRgn-LXRKhSNsPeNvNcw-2a7TZeuehbg==

GET
H2 200 aps_csm.js Show response
c.amazon-adsystem.com/bao-csm/aps-comm/ Frame 2C63 6 KB
3 KB 25ms
8ms XHR
application/javascript 108.138.1.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://c.amazon-adsystem.com/bao-csm/aps-comm/aps_csm.js
Requested by: Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.138.1.25 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-108-138-1-25.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: rBtfgJUMGYsy5fZuQwMAU7hSD.fVdF76
content-encoding: gzip
via: 1.1 e016ea20838aeed1d878a5244c9e2552.cloudfront.net (CloudFront)
date: Mon, 10 Jul 2023 07:35:47 GMT
x-amz-cf-pop: FRA56-P6
age: 61130
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
last-modified: Sat, 24 Jun 2023 09:19:11 GMT
server: AmazonS3
etag: W/"a4d296427fc806b21335359e398c025c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
vary: Accept-Encoding,Origin
x-amz-cf-id: 7lV3MNUDYjAen2JoJv4npUbpxlxd6k2fDefAFwhYJtDUFvlFChv9gQ==

POST
H2 200 publisher:getClientId Show response
ampcid.google.de/v1/ Frame 2C63 3 B
377 B 114ms
57ms XHR
application/json 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ampcid.google.de/v1/publisher:getClientId?key=AIzaSyA65lEHUEizIsNtlbNo-l2K18dT680nsaM

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
access-control-allow-credentials: true
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

GET
H3 200 show_ads_impl_with_ama_fy2021.js Show response
pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306290101/ Frame 2C63 344 KB
118 KB 75ms
44ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=www.nefisyemektarifleri.com

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

38501cf8b04f67448d163ac869cbea2b0aa83cc46f9d2f4ee7f70638b70bb4f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121062
x-xss-protection: 0
server: cafe
etag: 12193392249200063232
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600, stale-while-revalidate=3600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 00:13:04 GMT

GET
H2 200 zrt_lookup.html Show response
googleads.g.doubleclick.net/pagead/html/r20230706/r20190131/ Frame 3258 10 KB
5 KB 53ms
14ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/html/r20230706/r20190131/zrt_lookup.html

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js?client=ca-pub-6593523210010154

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 17318
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=1209600
content-encoding: br
content-length: 4544
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 19:24:26 GMT
etag: 12368291122986407432
expires: Mon, 24 Jul 2023 19:24:26 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 /
www.facebook.com/tr/ Frame 2C63 0
185 B 31ms
11ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1877570159153553&ev=PageView&dl=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&rl=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&if=true&ts=1689034384532&sw=1600&sh=1200&v=2.9.111&r=stable&ec=0&o=30&cs_est=true&it=1689034384360&coo=false&rqm=GET

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 11 Jul 2023 00:13:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ Frame 2C63 0
31 B 32ms
13ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1877570159153553&ev=ViewContent&dl=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&rl=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&if=true&ts=1689034384535&cd[content_name]=Etsiz%20Nohut%20Yeme%C4%9Fi&cd[content_ids]=248941&cd[content_type]=recipe&cd[recipe_mainCategory]=Bakliyat%20Yemekleri&cd[recipe_subCategory]=Bakliyat%20Yemekleri&cd[recipe_claps]=27&cd[recipe_comments]=40&cd[recipe_cookDuration]=25dk&cd[recipe_cooked]=22&cd[recipe_cookType]=Ha%C5%9Flama&cd[recipe_hasVideo]=Hay%C4%B1r&cd[recipe_prepDuration]=20dk&cd[recipe_rating]=4.6&cd[recipe_saved]=10873&cd[recipe_serves]=2-4%20&cd[contributor_id]=3514&cd[contributor_followers]=50060&cd[contributor_city]=undefined&cd[contributor_recipes]=undefined&cd[user_id]=undefined&cd[user_gender]=undefined&cd[user_recipes]=undefined&cd[user_followers]=undefined&cd[user_followings]=undefined&cd[user_city]=undefined&cd[user_role]=undefined&cd[ingredients]=domates%20sal%C3%A7as%C4%B1%2Ckarabiber%2Ckuru%20so%C4%9Fan%2Cnohut%2Cpul%20biber%2Cs%C4%B1v%C4%B1%20ya%C4%9F%2Csivri%20biber%2Csu%2Ctuz&sw=1600&sh=1200&v=2.9.111&r=stable&ec=1&o=30&it=1689034384360&coo=false&rqm=GET

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Tue, 11 Jul 2023 00:13:04 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 adview Show response
ng2.virgul.com/ Frame A77A 3 KB
3 KB 192ms
55ms Document
text/html 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng2.virgul.com/adview?a=649563a3e4b07cc95f8808f6&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=649563a3e4b07cc95f8808f6___153183-375847772
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 6f8a139b2b833bbd7a30c343981c6c8731d7a1600708247a3a75bcfd23ac202b

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-length: 2706
content-type: text/html
date: Tue, 11 Jul 2023 00:13:04 GMT
expires: Tue, 04 Jan 2022 10:49:40 GMT
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
server: openresty/1.15.8.3

GET
H2 200 5e73154be4b0016313fa90d5 Show response
ng2.virgul.com/ic/ Frame 528E 756 B
998 B 182ms
50ms Document
text/html 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng2.virgul.com/ic/5e73154be4b0016313fa90d5?g=1&t=cpc_annotation&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 33addeca1f5b2a05d4cf6fdb3e073ff4c2c097d1eac78bbd4c5e87d1038f046b

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-length: 756
content-type: text/html
date: Tue, 11 Jul 2023 00:13:04 GMT
expires: Tue, 04 Jan 2022 10:49:40 GMT
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
server: openresty/1.15.8.3

GET
H2 200 adview Show response
ng2.virgul.com/ Frame 8BAD 868 B
1 KB 177ms
52ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng2.virgul.com/adview?a=5e73154be4b0016313fa90d5&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=5e73154be4b0016313fa90d5___1542481295923528
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: c46be04df9d9d182d48649edf8a0b1ea96acf62c5ea39a1693a87051a0b756aa

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
server: openresty/1.15.8.3
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-type: application/javascript
access-control-allow-credentials: true
content-length: 868
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 5e73154be4b0016313fa90d5 Show response
ng2.virgul.com/ic/ Frame 4C0B 756 B
998 B 167ms
46ms Document
text/html 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng2.virgul.com/ic/5e73154be4b0016313fa90d5?g=1&t=cpc_annotation&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 33addeca1f5b2a05d4cf6fdb3e073ff4c2c097d1eac78bbd4c5e87d1038f046b

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-length: 756
content-type: text/html
date: Tue, 11 Jul 2023 00:13:04 GMT
expires: Tue, 04 Jan 2022 10:49:40 GMT
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
server: openresty/1.15.8.3

GET
H2 200 adview Show response
ng2.virgul.com/ Frame 8769 869 B
1 KB 159ms
53ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng2.virgul.com/adview?a=5e73154be4b0016313fa90d5&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=5e73154be4b0016313fa90d5___15424812959235282
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: a3043be71adeabe66264623fc2aa5113454c310de9192535cad9cf960b6084ff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
server: openresty/1.15.8.3
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-type: application/javascript
access-control-allow-credentials: true
content-length: 869
expires: Tue, 04 Jan 2022 10:49:40 GMT

GET
H2 200 adview Show response
ng2.virgul.com/ Frame F9F5 3 KB
2 KB 159ms
54ms Document
text/html 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng2.virgul.com/adview?a=64a9c002e4b0748d1c923674&r=153185@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=64a9c002e4b0748d1c923674___153185-50503217
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 7b98b76a2c21d271449e6e0f60cb5f0a035d42312e6049622a974dec3fff2ae2

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.nefisyemektarifleri.com
content-encoding: gzip
content-type: text/html
date: Tue, 11 Jul 2023 00:13:04 GMT
expires: Tue, 04 Jan 2022 10:49:40 GMT
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'
server: openresty/1.15.8.3
vary: Accept-Encoding

GET
H2 200 nefisyemektarifleri.js Show response
static.virgul.com/theme/mockups/sites/ Frame 2C63 37 KB
12 KB 47ms
46ms Script
application/javascript 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://static.virgul.com/theme/mockups/sites/nefisyemektarifleri.js?dts=469176
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 7ef7148f577d4b8db5481c0c82ec42fc53e2b2d3c7f83b2662977759f58477ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: gzip
last-modified: Thu, 27 Apr 2023 09:08:15 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=5184000

GET
H2 200 pandg-sdk.js Show response
pghub.io/js/ Frame 2C63 17 KB
5 KB 71ms
17ms Script
application/javascript 35.241.45.217
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pghub.io/js/pandg-sdk.js
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/adcode/outside.js?dts=19549
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.217 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 217.45.241.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 23:55:04 GMT
content-encoding: gzip
age: 1080
x-guploader-uploadid: ADPycdvsPAg3pc4KqNUYl6YTpvPo9EYCRz-xHBT6KVo9NEkaAvDXeXFRSJrhhXImhtXGwT19lW9Mv5Oy5yy72G5U_wYztA
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5009
last-modified: Mon, 05 Jun 2023 16:36:50 GMT
server: UploadServer
etag: "47a886353056caf33a998c6041e20896"
vary: Accept-Encoding
x-goog-generation: 1685983010517890
x-goog-hash: crc32c=aHj4lg==, md5=R6iGNTBWyvM6mYxgQeIIlg==
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public,max-age=3600
x-goog-stored-content-length: 5009
accept-ranges: bytes
content-type: application/javascript

GET
H2 200 zoneview
ng.virgul.com/ Frame 2C63 0
222 B 46ms
46ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689034384623&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=153183@153193@153204@153190@153201@153187@154248@154248@153202@153184@153185@153186:nefisyemektarifleri&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.4155549908140923
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 00:13:04 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 NoktaNpmPlayerApi.js Show response
c1.imgiz.com/player_others/html5/ Frame 2C63 7 KB
3 KB 350ms
49ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549
Requested by: Host: static.virgul.com
URL: https://static.virgul.com/theme/mockups/outside/empowerwebplayer3.js?v=20
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: gzip
last-modified: Wed, 13 Oct 2021 11:58:21 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 18 Jul 2023 00:13:05 GMT

GET
H2 200 bid Show response
aax.amazon-adsystem.com/e/dtb/ Frame 2C63 23 B
473 B 148ms
119ms XHR
text/javascript 108.138.9.235
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://aax.amazon-adsystem.com/e/dtb/bid?src=600&u=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pr=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&pid=JW0VsaYyL1gH1&cb=0&ws=1600x1200&v=23.612.1758&t=1200&slots=%5B%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15319321728129623web_nyt_malzemeler_yani_300x250%22%2C%22s%22%3A%5B%22300x250%22%2C%22250x250%22%2C%22200x200%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_nyt_malzemeler_yani_300x250%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15318421728129623web_nyt_left_tower%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22120x600%22%2C%22300x250%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_nyt_left_tower%22%7D%2C%7B%22sd%22%3A%22div-gpt-ad-1455783126174-15318721728129623web_nyt_sidebar_300x600%22%2C%22s%22%3A%5B%22300x600%22%2C%22160x600%22%2C%22120x600%22%2C%22300x250%22%2C%22250x250%22%5D%2C%22sn%22%3A%22%2F21728129623%2Fweb_nyt_sidebar_300x600%22%7D%5D&pubid=e0a76a78-9ad1-46f2-a337-886c2e24ac91&gdprl=%7B%22status%22%3A%22no-cmp%22%7D

Requested by

Host: c.amazon-adsystem.com
URL: https://c.amazon-adsystem.com/aax2/apstag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.9.235 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-9-235.fra56.r.cloudfront.net

Software

Server /

Resource Hash

745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8

Security Headers

Name	Value
Strict-Transport-Security	max-age=47474747; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
strict-transport-security: max-age=47474747; includeSubDomains; preload
via: 1.1 e75bff6012758ccb55ff41b176b32342.cloudfront.net (CloudFront)
server: Server
x-amz-cf-pop: FRA56-P6
x-amz-rid: 6H3RJ6T5SN1Q7T6RAGQW
vary: Accept-Encoding,User-Agent
x-cache: Miss from cloudfront
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 23
x-amz-cf-id: oJTcOXkwlaOVQgjkijoXBbbWrlTUuTizjAVOFGLXoHJhXAFJplEKRg==

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2C63 107 B
456 B 84ms
24ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nefisyemektarifleri.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2C63 82 KB
21 KB 273ms
272ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2446746173552980&correlator=757997485347656&eid=31075835%2C31075906%2C21065724&output=ldjh&gdfp_req=1&vrg=202306290101&ptt=17&impl=fif&iu_parts=21728129623%3A21696649314%2Cweb_nyt_tarif_yapilis_sonrasi&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C615x60%7C468x60%7C600x200%7C300x250%7C250x250%7C200x200&fluid=height&ifi=2&adks=3912523020&sfv=1-0-40&eri=1&cust_params=amznbid%3D0%26amznp%3D0%26category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dnefisyemektarifleri%26mt%3D1689034384322%26pager%3D1%2540site_geneli%2540nefisyemektarifleri%253Asite_geneli%26policy%3D0%26host%3Dwww.nefisyemektarifleri.com%26url%3Dtsiz%2520nohut%2520yemegi%2520248941%2520%2526vi%253D10710800%2540%26targetCtr%3D0%26pid%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%2520sal%25C3%25A7as%25C4%25B1%252Ckarabiber%252Ckuru%2520so%25C4%259Fan%252Cnohut%252Cpul%2520biber%252Cs%25C4%25B1v%25C4%25B1%2520ya%25C4%259F%252Csivri%2520biber%252Csu%252Ctuz%26nyt_cat%3Dpost&ppid=vnet3deeeafc679b4ae2be3795d7d8342e18&sc=1&cdm=www.nefisyemektarifleri.com&abxe=1&dt=1689034384874&lmt=1689019205&dlt=1689034383875&idt=897&adxs=486&adys=3326&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=obfw1tjk72l7&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=300x0&msz=656x0&fws=388&ohw=300&ga_vid=1708622229.1689034385&ga_sid=1689034385&ga_hid=1596821760&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5f5761311e712ed3bead5c10b77c638114d520411f6834e38385b358fcb51bb8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: 280300
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21570
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 429223
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 container.html Show response
a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 31ED 6 KB
3 KB 116ms
47ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:04 GMT
expires: Wed, 10 Jul 2024 00:13:04 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5e73154be4b0016313fa90d5 Show response
ng.virgul.com/tck/imp/ Frame 4C0B 0
212 B 46ms
46ms Script
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/tck/imp/5e73154be4b0016313fa90d5?userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&sdr=&et=&r=154248@site_geneli@nefisyemektarifleri:site_geneli&mt=1689034384322&l=&info=&t=cpc_annotation&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&os=
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/ic/5e73154be4b0016313fa90d5?g=1&t=cpc_annotation&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ng2.virgul.com
date: Tue, 11 Jul 2023 00:13:04 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 5e73154be4b0016313fa90d5 Show response
ng.virgul.com/tck/imp/ Frame 528E 0
212 B 47ms
47ms Script
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://ng.virgul.com/tck/imp/5e73154be4b0016313fa90d5?userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&sdr=&et=&r=154248@site_geneli@nefisyemektarifleri:site_geneli&mt=1689034384322&l=&info=&t=cpc_annotation&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&os=
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/ic/5e73154be4b0016313fa90d5?g=1&t=cpc_annotation&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ng2.virgul.com
date: Tue, 11 Jul 2023 00:13:04 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 jquery-3.3.1.min.js Show response
c1.imgiz.com/js/site/ Frame F9F5 85 KB
35 KB 295ms
139ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/js/site/jquery-3.3.1.min.js
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=64a9c002e4b0748d1c923674&r=153185@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=64a9c002e4b0748d1c923674___153185-50503217
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: gzip
last-modified: Wed, 16 May 2018 07:27:31 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 18 Jul 2023 00:13:05 GMT

GET
H2 200 64a9c002e4b0748d1c923674
ng.virgul.com/tck/imp/ Frame F9F5 0
212 B 48ms
48ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/64a9c002e4b0748d1c923674?userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&mt=1689034384322&sdr=&et=&r=153185@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&t=banner:153185@site_geneli@nefisyemektarifleri:site_geneli&os=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&cs=1689034384747
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=64a9c002e4b0748d1c923674&r=153185@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=64a9c002e4b0748d1c923674___153185-50503217
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ng2.virgul.com
date: Tue, 11 Jul 2023 00:13:04 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 jquery-3.3.1.min.js Show response
c1.imgiz.com/js/site/ Frame A77A 85 KB
35 KB 204ms
50ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/js/site/jquery-3.3.1.min.js
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=649563a3e4b07cc95f8808f6&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=649563a3e4b07cc95f8808f6___153183-375847772
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: 160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: gzip
last-modified: Wed, 16 May 2018 07:27:31 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 18 Jul 2023 00:13:05 GMT

GET
H2 200 649563a3e4b07cc95f8808f6
ng.virgul.com/tck/imp/ Frame A77A 0
212 B 48ms
48ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/imp/649563a3e4b07cc95f8808f6?userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&mt=1689034384322&sdr=&et=&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&t=banner:153183@site_geneli@nefisyemektarifleri:site_geneli&os=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&cs=1689034384753
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=649563a3e4b07cc95f8808f6&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=649563a3e4b07cc95f8808f6___153183-375847772
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://ng2.virgul.com
date: Tue, 11 Jul 2023 00:13:04 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 403 ads Show response
googleads.g.doubleclick.net/pagead/ Frame BE09 603 B
218 B 68ms
67ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689034384502&bpp=5&bdt=627&idt=415&shv=r20230706&mjsv=m202306290101&ptt=9&saldr=aa&nras=1&correlator=985379360434&frm=24&ife=1&pv=2&ga_vid=1708622229.1689034385&ga_sid=1689034385&ga_hid=1596821760&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=1843544316&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31075758%2C44788441%2C21065724&oid=2&pvsid=2446746173552980&tmod=909861124&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.2hvw5b7yrmk6&fsb=1&dtd=435

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/managed/js/adsense/m202306290101/show_ads_impl_with_ama_fy2021.js?client=ca-pub-6593523210010154&plah=www.nefisyemektarifleri.com

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 46
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:04 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 t.js Show response
bitbeat7.com/ Frame 8BAD 65 KB
18 KB 49ms
9ms Script
application/javascript 18.66.147.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bitbeat7.com/t.js?i=spt4ntkb5q5ru2l99px&cb=0853741689034384944
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=5e73154be4b0016313fa90d5&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=5e73154be4b0016313fa90d5___1542481295923528
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-18.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82ee1e40c5621a84f4cd861d9d7212c7bb94ffde5bdf1bc8cb1f4e32dff9c4e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: zOoo2_h9TaVhAd990YG88tzvCQTcR.0W
content-encoding: gzip
via: 1.1 70d755f7200c02162c7545e4ce74649a.cloudfront.net (CloudFront)
date: Mon, 10 Jul 2023 01:54:28 GMT
last-modified: Tue, 27 Jun 2023 15:35:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 80318
x-amz-server-side-encryption: AES256
etag: W/"cd7dd170485b6d0fa6991dfd6c25d426"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: zri8MW2n0QaFdhiTmLHlgwdZv0uPXTN9nf2_zgz1n4MBIcbjiaycMA==

GET
H2 200 t.js Show response
bitbeat7.com/ Frame 8769 65 KB
18 KB 52ms
12ms Script
application/javascript 18.66.147.18
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://bitbeat7.com/t.js?i=spt4ntkb5q5ru2l99px&cb=8364541689034384944
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=5e73154be4b0016313fa90d5&r=154248@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=5e73154be4b0016313fa90d5___15424812959235282
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-18.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 82ee1e40c5621a84f4cd861d9d7212c7bb94ffde5bdf1bc8cb1f4e32dff9c4e0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

x-amz-version-id: zOoo2_h9TaVhAd990YG88tzvCQTcR.0W
content-encoding: gzip
via: 1.1 70d755f7200c02162c7545e4ce74649a.cloudfront.net (CloudFront)
date: Mon, 10 Jul 2023 01:54:28 GMT
last-modified: Tue, 27 Jun 2023 15:35:35 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 80318
x-amz-server-side-encryption: AES256
etag: W/"cd7dd170485b6d0fa6991dfd6c25d426"
vary: Accept-Encoding, Origin
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: DC18WXUWfLsIOzjMn4w3wAY1enboPqBkc0x176Grfpspfk-iVbfp2Q==

GET
H2 200 zoneview
ng.virgul.com/ Frame 2C63 0
222 B 49ms
48ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689034384955&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=153995@153363:nefisyemektarifleri&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.1772584325556068
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 00:13:04 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 zoneview
ng.virgul.com/ Frame 2C63 0
222 B 49ms
49ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689034384956&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=155307:nefisyemektarifleri&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.30159722159467073
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 00:13:04 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 zoneview
ng.virgul.com/ Frame 2C63 0
222 B 50ms
49ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689034384962&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=153218:nefisyemektarifleri&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.18598870178074445
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 00:13:04 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 zoneview
ng.virgul.com/ Frame 2C63 0
222 B 49ms
49ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689034384965&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=153260:nefisyemektarifleri&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.5514051190936009
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 00:13:04 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H2 200 tag Show response
feed.pghub.io/ Frame D3AC 13 B
257 B 62ms
23ms Document
text/html 34.102.243.38
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://feed.pghub.io/tag?referrer_url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&page_url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&owner=P%26G&bp_id=noktacommedya&ch=%7B%22architecture%22%3A%22%22%2C%22bitness%22%3A%22%22%2C%22brands%22%3A%5B%5D%2C%22fullVersionList%22%3A%5B%5D%2C%22mobile%22%3Afalse%2C%22model%22%3A%22%22%2C%22platform%22%3A%22%22%2C%22platformVersion%22%3A%22%22%7D&initiator=js&data=%7B%22category%22%3A%22site_geneli%22%7D

Requested by

Host: pghub.io
URL: https://pghub.io/js/pandg-sdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.102.243.38 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

38.243.102.34.bc.googleusercontent.com

Software

Resource Hash

b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628

Security Headers

Name	Value
Content-Security-Policy	default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
access-control-max-age: 300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-store
content-security-policy: default-src 'none';img-src https://*.pghub.io https://match.adsrvr.org
content-type: text/html;charset=utf-8
date: Tue, 11 Jul 2023 00:13:05 GMT
strict-transport-security: max-age=31536000
via: 1.1 google

GET
H2 200 unfriendly.gif
bitbeat7.com/p/ Frame 8BAD 0
351 B 155ms
155ms Image
image/gif 18.66.147.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bitbeat7.com/p/unfriendly.gif?i=spt4ntkb5q5ru2l99px
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-18.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
x-amz-version-id: EE9hgHBeXFHY2gb85mUsL1p1qwyR4gS_
via: 1.1 70d755f7200c02162c7545e4ce74649a.cloudfront.net (CloudFront)
last-modified: Mon, 14 Feb 2022 17:22:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 0
x-amz-cf-id: DYVAdlKMaUHhr9ETXY_5IJdR9eFuhtQCh_VEWEXIWDq9AM7e6L6Uig==

GET
H2 200 300x18.png
placehold.jp/24/cccccc/000000/ Frame 8BAD 2 KB
2 KB 3164ms
1993ms Image
image/png 160.16.238.49
SAKURA-B SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://placehold.jp/24/cccccc/000000/300x18.png
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 160.16.238.49 Tokyo, Japan, ASN9370 (SAKURA-B SAKURA Internet Inc., JP),
Reverse DNS: tk2-261-40045.vs.sakura.ne.jp
Software: Apache /
Resource Hash: 7876391f25f26ccf3297d78d34a1922dcc16c54fcaa51e8622e90bbc6fc96e80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
cache-control: max-age=31536000, public
last-modified: Wed, 01 Jan 2020 00:00:00 GMT
server: Apache
age: 19899
content-length: 1772
content-type: image/png

GET
H2 200 unfriendly.gif
bitbeat7.com/p/ Frame 8769 0
350 B 152ms
151ms Image
image/gif 18.66.147.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bitbeat7.com/p/unfriendly.gif?i=spt4ntkb5q5ru2l99px
Requested by: Host: bitbeat7.com
URL: https://bitbeat7.com/t.js?i=spt4ntkb5q5ru2l99px&cb=8364541689034384944
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.147.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-147-18.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
x-amz-version-id: EE9hgHBeXFHY2gb85mUsL1p1qwyR4gS_
via: 1.1 70d755f7200c02162c7545e4ce74649a.cloudfront.net (CloudFront)
last-modified: Mon, 14 Feb 2022 17:22:36 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Origin
x-cache: Hit from cloudfront
content-type: image/gif
accept-ranges: bytes
content-length: 0
x-amz-cf-id: DKvurUnazTPNPdIVFv3z0MPB8MLrknb1BvtjMNEbR9SjerxsxxadNw==

GET
H2 200 300x18.png
placehold.jp/24/cccccc/000000/ Frame 8769 2 KB
2 KB 3159ms
1993ms Image
image/png 160.16.238.49
SAKURA-B SAKURA I...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://placehold.jp/24/cccccc/000000/300x18.png
Requested by: Host: bitbeat7.com
URL: https://bitbeat7.com/t.js?i=spt4ntkb5q5ru2l99px&cb=8364541689034384944
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 160.16.238.49 Tokyo, Japan, ASN9370 (SAKURA-B SAKURA Internet Inc., JP),
Reverse DNS: tk2-261-40045.vs.sakura.ne.jp
Software: Apache /
Resource Hash: 7876391f25f26ccf3297d78d34a1922dcc16c54fcaa51e8622e90bbc6fc96e80

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
cache-control: max-age=31536000, public
last-modified: Wed, 01 Jan 2020 00:00:00 GMT
server: Apache
age: 19899
content-length: 1772
content-type: image/png

GET
H2 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2C63 107 B
165 B 23ms
23ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nefisyemektarifleri.com

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2C63 85 KB
23 KB 359ms
358ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2446746173552980&correlator=1349409410180201&eid=31075835%2C31075906%2C21065724&output=ldjh&gdfp_req=1&vrg=202306290101&ptt=17&impl=fif&iu_parts=21728129623%3A21696649314%2Cweb_nyt_malzemeler_yani_300x250&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C250x250%7C200x200%7C160x160%7C300x100&fluid=height&ifi=3&adks=1562665157&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dnefisyemektarifleri%26mt%3D1689034384322%26pager%3D1%2540site_geneli%2540nefisyemektarifleri%253Asite_geneli%26policy%3D0%26host%3Dwww.nefisyemektarifleri.com%26url%3Dtsiz%2520nohut%2520yemegi%2520248941%2520%2526vi%253D10710800%2540%26targetCtr%3D0%26pid%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%2520sal%25C3%25A7as%25C4%25B1%252Ckarabiber%252Ckuru%2520so%25C4%259Fan%252Cnohut%252Cpul%2520biber%252Cs%25C4%25B1v%25C4%25B1%2520ya%25C4%259F%252Csivri%2520biber%252Csu%252Ctuz%26nyt_cat%3Dpost&ppid=vnet3deeeafc679b4ae2be3795d7d8342e18&sc=1&cdm=www.nefisyemektarifleri.com&abxe=1&dt=1689034385025&lmt=1689019205&dlt=1689034383875&idt=897&adxs=643&adys=1989&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=g0mbhellpvwk&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=300x-1&msz=308x-1&fws=388&ohw=300&ga_vid=1708622229.1689034385&ga_sid=1689034385&ga_hid=1596821760&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f289d19af02c60f0f10ce952bc3ccbcb5dece34abd2e63f7ea18c0672eede763

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: 280300
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23545
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 429223
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2C63 85 KB
23 KB 473ms
471ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2446746173552980&correlator=1816265865614294&eid=31075835%2C31075906%2C21065724&output=ldjh&gdfp_req=1&vrg=202306290101&ptt=17&impl=fif&iu_parts=21728129623%3A21696649314%2Cweb_nyt_tarif_gorsel_en_alt_610x280&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x250%7C320x180%7C320x250%7C468x60%7C336x280%7C468x280%7C600x200%7C640x205%7C300x100%7C320x100&fluid=height&ifi=4&adks=3546791932&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dnefisyemektarifleri%26mt%3D1689034384322%26pager%3D1%2540site_geneli%2540nefisyemektarifleri%253Asite_geneli%26policy%3D0%26host%3Dwww.nefisyemektarifleri.com%26url%3Dtsiz%2520nohut%2520yemegi%2520248941%2520%2526vi%253D10710800%2540%26targetCtr%3D0%26pid%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%2520sal%25C3%25A7as%25C4%25B1%252Ckarabiber%252Ckuru%2520so%25C4%259Fan%252Cnohut%252Cpul%2520biber%252Cs%25C4%25B1v%25C4%25B1%2520ya%25C4%259F%252Csivri%2520biber%252Csu%252Ctuz%26nyt_cat%3Dpost&ppid=vnet3deeeafc679b4ae2be3795d7d8342e18&sc=1&cdm=www.nefisyemektarifleri.com&abxe=1&dt=1689034385029&lmt=1689019205&dlt=1689034383875&idt=897&adxs=486&adys=6403&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=v7d958vh738f&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=621x0&msz=656x0&fws=388&ohw=641&ga_vid=1708622229.1689034385&ga_sid=1689034385&ga_hid=1596821760&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

450df0e01a070deaa1fa1c33444ba45d0ee367dc7a58060ebd0eb9610ed6ba79

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: 280300
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23411
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-mediationtag-id: 429223
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2C63 25 KB
12 KB 378ms
377ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2446746173552980&correlator=3176649950692182&eid=31075835%2C31075906%2C21065724&output=ldjh&gdfp_req=1&vrg=202306290101&ptt=17&impl=fif&iu_parts=21728129623%3A21696649314%2Cweb_nyt_sidebar_300x600&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C300x600%7C160x600%7C120x600%7C300x250&fluid=height&ifi=5&adks=1631017644&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dnefisyemektarifleri%26mt%3D1689034384322%26pager%3D1%2540site_geneli%2540nefisyemektarifleri%253Asite_geneli%26policy%3D0%26host%3Dwww.nefisyemektarifleri.com%26url%3Dtsiz%2520nohut%2520yemegi%2520248941%2520%2526vi%253D10710800%2540%26targetCtr%3D0%26pid%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%2520sal%25C3%25A7as%25C4%25B1%252Ckarabiber%252Ckuru%2520so%25C4%259Fan%252Cnohut%252Cpul%2520biber%252Cs%25C4%25B1v%25C4%25B1%2520ya%25C4%259F%252Csivri%2520biber%252Csu%252Ctuz%26nyt_cat%3Dpost&ppid=vnet3deeeafc679b4ae2be3795d7d8342e18&sc=1&cdm=www.nefisyemektarifleri.com&abxe=1&dt=1689034385034&lmt=1689019205&dlt=1689034383875&idt=897&adxs=972&adys=1436&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=ktfxg0b29fw0&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=300x600&msz=328x0&fws=388&ohw=300&ga_vid=1708622229.1689034385&ga_sid=1689034385&ga_hid=1596821760&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

823095b985c5cc4aaa4983f8a6f836445644a61f8e089f4e1e16ebf75d8881b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11842
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ads Show response
securepubads.g.doubleclick.net/gampad/ Frame 2C63 25 KB
12 KB 549ms
548ms XHR
text/plain 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://securepubads.g.doubleclick.net/gampad/ads?pvsid=2446746173552980&correlator=3771325432300330&eid=31075835%2C31075906%2C21065724&output=ldjh&gdfp_req=1&vrg=202306290101&ptt=17&impl=fif&iu_parts=21728129623%3A21696649314%2Cweb_nyt_left_tower&enc_prev_ius=%2F0%2F1&prev_iu_szs=320x50%7C160x600%7C120x600%7C120x240&fluid=height&ifi=6&adks=4169634498&sfv=1-0-40&eri=1&cust_params=category%3Dsite_geneli%26plm%3Dnull%26viewable%3D2%26site%3Dnefisyemektarifleri%26mt%3D1689034384322%26pager%3D1%2540site_geneli%2540nefisyemektarifleri%253Asite_geneli%26policy%3D0%26host%3Dwww.nefisyemektarifleri.com%26url%3Dtsiz%2520nohut%2520yemegi%2520248941%2520%2526vi%253D10710800%2540%26targetCtr%3D0%26pid%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%2520sal%25C3%25A7as%25C4%25B1%252Ckarabiber%252Ckuru%2520so%25C4%259Fan%252Cnohut%252Cpul%2520biber%252Cs%25C4%25B1v%25C4%25B1%2520ya%25C4%259F%252Csivri%2520biber%252Csu%252Ctuz%26nyt_cat%3Dpost&ppid=vnet3deeeafc679b4ae2be3795d7d8342e18&sc=1&cdm=www.nefisyemektarifleri.com&abxe=1&dt=1689034385041&lmt=1689019205&dlt=1689034383875&idt=897&adxs=140&adys=159&biw=-12245933&bih=-12245933&isw=1600&ish=1200&scr_x=-12245933&scr_y=-12245933&ucis=yp9wo7pu64rh&oid=2&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&bc=31&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&nvt=1&nhd=1&url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&top=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&frm=24&vis=1&psz=0x-1&msz=0x-1&fws=900&ohw=1600&ga_vid=1708622229.1689034385&ga_sid=1689034385&ga_hid=1596821760&ga_fc=true

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8973dd5cf4867f0c35f1cf04a1c39d78becf98f01576802566c09c403fa2bb7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11786
x-xss-protection: 0
google-lineitem-id: -1
pragma: no-cache
server: cafe
google-creative-id: -1
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.nefisyemektarifleri.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 / Show response
www.facebook.com/tr/ Frame A114 0
81 B 8ms
7ms Document
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://www.nefisyemektarifleri.com
Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: true
access-control-allow-origin: https://www.nefisyemektarifleri.com
alt-svc: h3=":443"; ma=86400
content-length: 0
content-type: text/plain
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:05 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains

GET
H2 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 2C63 345 KB
119 KB 167ms
84ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbcb528af7c43cf9a3bad6ba2c2539e89722848b62ea05d11be29ea1949eafd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121723
x-xss-protection: 0
expires: Tue, 11 Jul 2023 00:13:05 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 2C63 398 KB
128 KB 73ms
73ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 18 Jul 2023 00:13:05 GMT

GET
H2 200 container.html Show response
a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 403D 6 KB
3 KB 17ms
15ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:04 GMT
expires: Wed, 10 Jul 2024 00:13:04 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2

200

ad.js Show response
trgde.adocean.pl/__/_1689034385232/ Frame A77A
Redirect Chain

https://trgde.adocean.pl/_1689034385232/ad.js?id=xyalWXsETQAadqVh5LCXRVWnXlZNYPrVMqd49pKCGdz.57/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/649563a3e4b07cc95f8808f6?userId=vnet3deeeafc...
https://trgde.adocean.pl/__/_1689034385232/ad.js?id=xyalWXsETQAadqVh5LCXRVWnXlZNYPrVMqd49pKCGdz.57/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/649563a3e4b07cc95f8808f6?userId=vnet3deee...

3 KB
1 KB

19ms
19ms

Script
application/x-javascript

92.222.252.174
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://trgde.adocean.pl/__/_1689034385232/ad.js?id=xyalWXsETQAadqVh5LCXRVWnXlZNYPrVMqd49pKCGdz.57/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/649563a3e4b07cc95f8808f6?userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&sdr=&et=&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&t=banner&cs=1689034384752&m=
Requested by: Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=649563a3e4b07cc95f8808f6&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=649563a3e4b07cc95f8808f6___153183-375847772
Protocol: H2
Server: 92.222.252.174 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: ip174.ip-92-222-252.eu
Software: GAD /
Resource Hash: 46cd6d208b2a8201b2b08698f2afad06e6a1119e2763d6b92ce5b24a9b793820

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: gzip
server: GAD
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 990
expires: Mon, 10 Jul 2023 00:13:05 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
server: GAD
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
location: /__/_1689034385232/ad.js?id=xyalWXsETQAadqVh5LCXRVWnXlZNYPrVMqd49pKCGdz.57/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/649563a3e4b07cc95f8808f6?userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&sdr=&et=&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&t=banner&cs=1689034384752&m=
cache-control: no-store, no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 0
expires: Mon, 10 Jul 2023 00:13:05 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 403D 8 KB
1 KB 67ms
24ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 11 Jul 2023 00:01:56 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Jul 2023 00:13:05 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame 403D 15 KB
3 KB 50ms
46ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.css

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 18:51:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278476
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2883
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jul 2024 18:51:49 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame 403D 371 KB
128 KB 17ms
13ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 10:39:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 394439
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 130330
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jul 2024 10:39:06 GMT

GET
H2 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 403D 20 KB
9 KB 53ms
14ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:54:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22739
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:54:06 GMT

GET
H2 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 403D 24 KB
7 KB 58ms
19ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 191256
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 07 Jul 2024 19:05:29 GMT

GET
H2 200 B30172735.371005084;sz=300x250;ord=1689034384747;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;dc_sdk_apis=[APIFRAMEWORKS];dc_omid_p=[OMIDPARTNER];gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_... Show response
ad.doubleclick.net/ddm/adi/N6553.834839NOKTA.COM/ Frame 72A3 60 KB
29 KB 115ms
52ms Document
text/html 142.250.184.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ad.doubleclick.net/ddm/adi/N6553.834839NOKTA.COM/B30172735.371005084;sz=300x250;ord=1689034384747;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;dc_sdk_apis=[APIFRAMEWORKS];dc_omid_p=[OMIDPARTNER];gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;dc_tdv=1?

Requested by

Host: ng2.virgul.com
URL: https://ng2.virgul.com/adview?a=64a9c002e4b0748d1c923674&r=153185@site_geneli@nefisyemektarifleri:site_geneli&l=&ext=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&cs=1689034384412&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&vmn=64a9c002e4b0748d1c923674___153185-50503217

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f6.1e100.net

Software

cafe /

Resource Hash

66295bc2bf30464d635bc529ea6975bd37f312eef6e783a94c8170d6e8da690b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ng2.virgul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 28425
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:05 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 csi
csi.gstatic.com/ Frame 403D 0
234 B 377ms
131ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~ljxjgon0&c=5136533165635&slotId=2568266582817.5&qqid=CLyWnbSvhYADFf0BVQgdfQAICQ&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 403D 15 KB
16 KB 51ms
14ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 198530
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jul 2024 17:04:15 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 403D 15 KB
15 KB 52ms
18ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 247358
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jul 2024 03:30:27 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 403D 0
20 B 50ms
49ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CX894kJ6sZLyOOv2D1PIP_YCgSP7T969czs-92OoCwI23ARABIABglYKAgLAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQXgAgCoAwHIAwKqBNcCT9DamttMr8Ori-ptlvDl9B4Xi8HCeZA1LgRXy9Bqd1sYYNZZAewMqdXqeepKbuFylYsW2MHeHYeCrMFgo-s00IQyAX9pn_vEsFr2JopfRCq_j2_Oxiob68FkBwj3Skr31Pz63nVt_XC92P5oQ1fcyql_Z9htE1EKjUzJjUAPXqpw2j-gFbgn6rdUyYBmka4BccuQLuilL_wpag1Bodna1-a-HWcfhmXHexa8QX4bgf9TUKjX7XZDOb2nZRAotfrDHHnitN8zzy_stJ7Jy_Jf0SzPGtEFLgaOMHi4HlG0Ep2akSfks5mi7cYscFlJk333sAndSXjaSUSZxG4yG6V1j1MVJd4H86PAp8LGlvAkrEvxnq-V7IuPjns9OtJFaGkjOEExOPspgojzc4g3yvVuEVeyzdwzfXkbTbaR3Em8m9e6dDe8d_VB0GqY3826Zvy4G6pjVsSGpeAEAYAGibfA_vS0426gBiqoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTYxNDU3NjA5ODQyODMxMzP6CwIIAYAMAdAVAYAXAQ&eventType=clickstring&clientTime=1689034385364&ai=CX894kJ6sZLyOOv2D1PIP_YCgSP7T969czs-92OoCwI23ARABIABglYKAgLAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQXgAgCoAwHIAwKqBNcCT9DamttMr8Ori-ptlvDl9B4Xi8HCeZA1LgRXy9Bqd1sYYNZZAewMqdXqeepKbuFylYsW2MHeHYeCrMFgo-s00IQyAX9pn_vEsFr2JopfRCq_j2_Oxiob68FkBwj3Skr31Pz63nVt_XC92P5oQ1fcyql_Z9htE1EKjUzJjUAPXqpw2j-gFbgn6rdUyYBmka4BccuQLuilL_wpag1Bodna1-a-HWcfhmXHexa8QX4bgf9TUKjX7XZDOb2nZRAotfrDHHnitN8zzy_stJ7Jy_Jf0SzPGtEFLgaOMHi4HlG0Ep2akSfks5mi7cYscFlJk333sAndSXjaSUSZxG4yG6V1j1MVJd4H86PAp8LGlvAkrEvxnq-V7IuPjns9OtJFaGkjOEExOPspgojzc4g3yvVuEVeyzdwzfXkbTbaR3Em8m9e6dDe8d_VB0GqY3826Zvy4G6pjVsSGpeAEAYAGibfA_vS0426gBiqoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTYxNDU3NjA5ODQyODMxMzP6CwIIAYAMAdAVAYAXAQ

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 403D 0
45 B 363ms
131ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~ljxjgonp&c=5136533165635&slotId=2568266582817.5&qqid=CLyWnbSvhYADFf0BVQgdfQAICQ&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.dy&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 403D 31 KB
17 KB 107ms
51ms XHR
text/xml 74.125.133.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-Cn2hrPXs8YQbp4F1KdxfgvY82EeqFr9eB808lWTc1PonbqZPfCdtL9BQcXQxhzV_gL1SLKoa_g90FZmkqE941Xt0nvlg&cry=1&dbm_d=AKAmf-DFuRW0Cv-eSu0UaHWB0bqeTyQ-H5pOnySX903UAcsA-56OUTNaGNNgUxVKn17esaHE4T8wwye9tGoJbMapEoh0-SAhztdToQLdDxyBatGrVo_siBplZozIvg32NzfsF8r10Wz2RI9zSOG9wdjSxAKjJLFblqDbA24Cxs-pYgaFSrUXnVUu-jgwbhWOPo5MJpx2u29vlgvHimjnuIDV4npgyBCuf-H7gvSrRTibjKgu9jBWSjiljg2TdZOzP3X9jVygYaU2K29qjhGbwWeaqpoktIbSO0KBRnPx-jDQFse5FrL69uhB5q3VrahMJVRJDOqSusucvsqTu2xXolA-VbmUBF9WW8jdI_mg1vxYVQxSsqampkdO_W5QKIN6nom8w4Jz-7QL6LLAlB6n0tBwQss4PXVOh7Ar8LiDxdzBvGexZJCr5-vgn-AA8L_T8P5tBjtUw8M1ei7uBhdWn0rv45L0ouw4qQ17ygBlfn9KITVqMxnnoqCdYYWKcUp61hM6YXiPClRprGTjIVNrjUoCUiApMZJiLGVKZIUVODbixbDfh0iJyAnhhEHrVhrPG5Giz9RqT8dw-Xunrt0G0XjrXNrtwM-ks-asqmAaTXOoZtSZU4w7BTwloIYSMzGNzFb6PMANxER9QKIec0NpRQeyBnx3kd25czarIVEtVTsOK5nAB1NQ_uqSjpxpbgXvAvc5VShGH1x1j3O2rLZutsvAPXZEmtdVchOW8n9YiBxl7WIKjDgz5L5RbaHGJ3z7t0_oYMdGaJDi3Js5uzod-Do9pI1CGW62RvavkiTXabUpUPOogrHZzd1pA2cnOxWP6_JsKNUQWcOK1iFMVaEC3mYKu3Ot6QfP3XWJ2jrsn2vWmiKacrnZs5Tms0St-w5lG-zAv40Bkwx_jwhTXV9NMl4wsN2fOFzgOlfgN-qrYUdgUuzhsdsNRB31oEmdqpfEL53xAQzh2PyYURkXaNXXJeRl233WyAAiNhFTv4lqljpbNCoZhybFhCucVkQMqRUIHb4J93PbU9x1G6hlvCSbXLQhFkIc2R9MgezDp0yERZsBj2zjj1TpxPEqnfb-JLFDbTJAresgtos7nv1hRB0KlRVWG_Y9iFUb1KVAK_Jz8a_CNeAIUnHflxVFXTG80Dw9bWesRyOBlc1wONkAoe3j5BLp7bXNAKOF-YRGV1g1NagiG2-6zY-yC3Acs6_D-GsPcmtDHyUC71MVpceHUJ7Qq2gEmhLL3uKXXApT1FNL4bzqUUex3h6-AIBupH5LQhFEFwuw-uvc4h58UQ5P4g0vaF1FCmXJfH2yFu8Wq9LpMCvUs_UxLxfhRbpx4vVshZ-mmYX8NPip1LBcHmjKkCBRh2OqyMCYVv8n1aukpIhMeiNyktKn2xNUVkLVVECc040soeUbVNtiQKfWpVkVF1Wc5CUg3kkNli8nW0oddCToan2N9wQf4l2hazp5f-iM6mf_V83lcLgRO91tH3eXDNvwtTf3_s1Xnr_jZT_-Pe-KrLmkRFWjQe3P7PBhu7Zoh4vOW2axcARRIlhDY7XyOTzmOWXVmQ-7F_CHx5eFq64VNGZL1DXCsuEA5rKg_O5agO0vAjCtdW9u6MoFoNDRRqz1hf9_Kw1NxwIP9bcSUDPPfLIAyijBFfe5cPtOHrH_i4S4eV7sAzQwKWHDc1PBi0p_pBrNoorjpLxT9QAsP_HQnZuu5qAhV4QWrJXs-Cju0BUOAcFgDgRViG-95wLIGtj8FXO2N9YXR_NyXuVou7nslpoxi_9d80rma8Vn2jqdzbFzwW85Y7c78BcStc8JE_DgxiFqTmggOs9LSBMMdD0coEU822cSbiu6u_NxGN1L6FC4OhQQ_wJI5t7JPUeDENcm63_Zty9Ic6j9SAgcg6BJKmiBC8TH5d0kHpSn6o2bZFiC2SEG054wkvBsK8dEcSXee1Z5KNBqXsxfg_gjclignTp6tQmhF-9_tWJ96MiFLHOsmMk_A3BjPL6opXQsiOqYUbXo9M0KpdZh59dcO1hOZJTW27Nv8GIIpFQ7oNJWYBQ2JwDAn9ijedqSIFcMBP6FE2IBc0AXp18PDE9TfD-UNW_Uzi9J-IBvdodb9HFyEwt-7JHJzx1lIxyBraw_ANqvME4xiUmv5Mi07Yp6r8CdeNoHwdk4fGLwjDoFk1uinGg2MEKYf0YF88Em_TMkAH5qDyEh0QUaI_0HMfK5P_JVfOvbeblmkwgLI8PpdrUxpp5T5Q5rXHWBalqZGBYVaMUBn-2_qSUi_ApQufKN_J5F6_OempoVoK1aOmllZ8Ur1v9s6on7Y5QFUbiwN5KvAsh7SIgKNAAYbX7IDFxWMfcJrW0Fl0EJWFOOk4T_oFgoRgDDSFoebSZBWzrGH8u8p3JEwgfY1EoOmzGFdO4Evfm2hGDhO_eTwTaKlxwOh7SONw0hTGu4LAdpNhtBkwNE9yuVGpooWQQkOmI0PCI4lBAId69J10kd0ro2DgjWDftiBL93j0Wyq1b_QnbZrRXF8Ocw6HsWTVj6vppNPMc7ZyakZnyNxCiU5eRfHxBIm1eFFW6axqWHoO4gh02RQg7pxbiXzLPHFAUmqgaWeG9ElzcdBf8rYrLi_W_QC1p7D6mxhbmaNLsu772peK9c6kxZenH1p34ulssFbhNngQErzEwOGTqhGIe7tsM3BpMf6bJZSx4vRz24jiAkunG0M_7KTRl0la4FpCe1LJdftYia_w6dvkrVORyemWMRIGmUyEpaxVE24KgkPusUkmi6vW-Txgoe0Oc9KsDNEYo-E0oMgSkQajqYuGfV5k9U6DI83ltsPX9iqD3AubloQloVqqV1REOjLDoX0AqeY54UxnbIjTZ-jSxsZub2M_WWv39y4nGGNE_4TAoTni4dMbJZNAU9BYM-Ic1RDW4faFhcrhCjIM8LXNzJO-nVXUoXJi4ck7Hpc3KiHwQmVO5oPzDTsaAydnM-2BH7n76P9ciMM55Ggt4YhNeK5YuvjU1gr5_ceLwmy6y2nGpYYa8eZwGXU9-kEsj2LHH1GmzMll1VIw-RYwo9ZJdymFW1jDhqRoiPS00Rj6IOBrQyxfZuVo7ZMO0LEh1ZZLidqNnMbwffDdis76pAuewQCdyxt4faOdFbDxCp3V8OltaTOqhzyTA3-ei8NCNtmz8mEhz6EouWhFFvi-UPotpjMdr0kIP3kfR2Gig7yraliuZaSIEYu2qgXxq5XQ8OWTohXD5FrfdyFzd4dvSa5z7E1-mzIWMThrxPZ-HHxCDsz0WrHNbJMbl3eubq40vL2zhNNn7JkeYlH6y3L8JKM3-a32BeI66JgG4yPq1CH9iF1ImrqrfrPi46PrWLsiyKTZu6CWmOoaf63fFjQZX-hb4N0xIowXbOoPtHW6W-teUe6V1m0SX2jkNPkNTDeyPFI3ooZZEYVfkdvUNP0XnmJulUlwZnIdIOv8Pu1imGQ7vOUPkI8f2uUznlV4sMR4oTc6wc8-TI7S4nT-ueStcJBHez6X7hypP3BIBYs-vmV-cvMEqLHmZ0e-jPzcpML2jHxnndu-Qnx8VH6xnDjLiOYDMFHOz6CKk8pdynCz-zuO1dmr_aEal8vzuQ_fDbikKPn4xZlJUgmZGTaXLVNBQitJiVNv4PPZ1alfvys_EPROfheP9DO5WBZcHcE6zRLWaF4p1vGvSUvKozcNzYA4ZELWBrg2_cZKPWMH-U-AU_y8zCtSiWqdJ5eMjl&cid=CAQSGwBpAlJW1fw_bqnjbOvam26DWUhldR0L9LbbEBgB&pr=8%3A2A85F8E94C2E882D&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f156.1e100.net

Software

cafe /

Resource Hash

208cad1ecb436c132f7331dfd66263e5015566b8963db33bacd6d6963fc714f9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17029
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1153249498522766748
s0.2mdn.net/simgad/ Frame 72A3 78 KB
79 KB 68ms
14ms Image
image/jpeg 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/simgad/1153249498522766748

Requested by

Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adi/N6553.834839NOKTA.COM/B30172735.371005084;sz=300x250;ord=1689034384747;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;dc_sdk_apis=[APIFRAMEWORKS];dc_omid_p=[OMIDPARTNER];gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;dc_tdv=1?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

109551dc23198bb00f09060fa2a78b5a61947f967bd7f360012fd4ae7abfc58a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 16:24:22 GMT
x-content-type-options: nosniff
age: 287323
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 80183
x-xss-protection: 0
last-modified: Fri, 07 Jul 2023 10:47:01 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/jpeg
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Sat, 06 Jul 2024 16:24:22 GMT

GET
H3 200 sodar_loader.js Show response
pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/xfa/ Frame 72A3 10 KB
4 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/xfa/sodar_loader.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b9f1f334eb1e6c08aac717173cbf89930c1166459e7b82fabb07c0fdca2442eb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 18:12:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21659
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4269
x-xss-protection: 0
server: cafe
etag: 15948555402759810793
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 18:12:06 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/elements/html/ Frame 72A3 11 KB
4 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/elements/html/omrhp.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 18:00:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22337
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 18:00:48 GMT

GET
DATA 200
OK truncated
/ Frame 403D 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 569484b8bd9d2c7864a9235728c63ab0037b28d3e0131d165966a9a92988528d

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame 72A3 179 KB
57 KB 1200ms
1161ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bf958c032ce083c26ae980ed92d0360c971e87c183d6bd988e770fc172786c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57266
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688579601580341"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 00:13:06 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 72A3 0
0 111ms
53ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst31KT1MkbP0dHZf99Oj9QXlkwXLrhVSH9udni0GRttOGzhBaCEvag-Sag6E04NoSvqrSVTeMLWNefDdV5hitDxyCXT3Xq5Qv2sKOMZ8mGEkxkf2BdroKWnKAs9nYSxOiV_CND5mfuo_tdH7nrV9vyefELtMpuF3rWjmlmW&sai=AMfl-YTYvyLLGi8IJQ4qoOhCIYXCkPwuF528Fww6Gc7N3JvJJBN-ClPdDjA6YlRRxMPg4ajCJl2qNLDZX_U1Rt_t1IJOrzNe1SHy4-uh7w&sig=Cg0ArKJSzCJlzfsELjWqEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=2&cbvp=1&cstd=0&cisv=r20230706.29221&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 11 Jul 2023 00:13:05 GMT

GET
H3 200 container.html Show response
a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame 48FD 6 KB
3 KB 26ms
25ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:04 GMT
expires: Wed, 10 Jul 2024 00:13:04 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame 72A3 41 KB
14 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 493416
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jul 2024 07:09:29 GMT

GET
H3 200 container.html Show response
a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame C9C8 6 KB
3 KB 21ms
17ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:04 GMT
expires: Wed, 10 Jul 2024 00:13:04 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 403D 0
0 62ms
61ms Image
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CJQN9kJ6sZLyOOv2D1PIP_YCgSP7T969czs-92OoCwI23ARABIABglYKAgLAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQXgAgCoAwGqBNQCT9DamttMr8Ori-ptlvDl9B4Xi8HCeZA1LgRXy9Bqd1sYYNZZAewMqdXqeepKbuFylYsW2MHeHYeCrMFgo-s00IQyAX9pn_vEsFr2JopfRCq_j2_Oxiob68FkBwj3Skr31Pz63nVt_XC92P5oQ1fcyql_Z9htE1EKjUzJjUAPXqpw2j-gFbgn6rdUyYBmka4BccuQLuilL_wpag1Bodna1-a-HWcfhmXHexa8QX4bgf9TUKjX7XZDOb2nZRAotfrDHHnitN8zzy_stJ7Jy_Jf0SzPGtEFLgaOMHi4HlG0Ep2akSfks5mi7cYscFlJk333sAndSXjaSUSZxG4yG6V1j1MVJd4H86PAp8LGlvAkrEvxnq-V7IuPjns9OtJFaGkjOEExOPspgojzc4g3yvVuU1WSXwmolk2wpvUsCFcFZ2CGXD6Sb1XqHHQhKXOkSuRvpFlX_eAEAYAGibfA_vS0426gBiqoB6a-G6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA0ggUCIDhgBAQATICqgI6AoBASL39wTryCBthZHgtc3Vic3luLTYxNDU3NjA5ODQyODMxMzOACgP6CwIIAYAMAdAVAYAXAbIXHAoaEhRwdWItNzk4MzY1MTI1NzgzODI4MhjqwW0&sigh=5qinYfCKGjc&uach_m=[UACH]&cid=CAQSLQBpAlJWvKC0L6MEdlSRrQshYvR11ELp3DxnK5bC3Y05xjCQtBsSGjyNk3RbPRgB&vt=10&cbvp=2&vis=1
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 72A3 7 KB
6 KB 30ms
30ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=r20100101&st=int

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/xfa/sodar_loader.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

fa8b5cbc4819d72a86fc1a972c838c723cecb06df25466adf42c9250477f1125

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5641
x-xss-protection: 0

GET
H2 200 xgde.js Show response
gdetr.hit.gemius.pl/gdejs/ Frame A77A 56 KB
20 KB 109ms
19ms Script
application/x-javascript 188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/gdejs/xgde.js
Requested by: Host: trgde.adocean.pl
URL: https://trgde.adocean.pl/_1689034385232/ad.js?id=xyalWXsETQAadqVh5LCXRVWnXlZNYPrVMqd49pKCGdz.57/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/649563a3e4b07cc95f8808f6?userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&sdr=&et=&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&t=banner&cs=1689034384752&m=
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: 243ff4b38ca5fe323056ea75585fb66ec3ed73293eac13e7d215376f1418eb4a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: gzip
last-modified: Mon, 30 Jan 2023 07:57:30 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: "63D7786A0000E1021FE82885"
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 20061
expires: Wed, 12 Jul 2023 00:13:05 GMT

GET
H2 200 970x250.jpg
trgde.adocean.pl/files/akannjvincs/plcrirltpv/rermiviprx/ Frame A77A 133 KB
133 KB 23ms
23ms Image
image/jpeg 92.222.252.174
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://trgde.adocean.pl/files/akannjvincs/plcrirltpv/rermiviprx/970x250.jpg
Requested by: Host: trgde.adocean.pl
URL: https://trgde.adocean.pl/_1689034385232/ad.js?id=xyalWXsETQAadqVh5LCXRVWnXlZNYPrVMqd49pKCGdz.57/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/649563a3e4b07cc95f8808f6?userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&sdr=&et=&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&t=banner&cs=1689034384752&m=
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 92.222.252.174 Paris, France, ASN16276 (OVH, FR),
Reverse DNS: ip174.ip-92-222-252.eu
Software: GAD /
Resource Hash: 1e4be629de0343e1f1cac6468d90bc5d0f6f4341697bbe062a4092f7e08cd873

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
last-modified: Fri, 05 May 2023 06:40:50 GMT
server: GAD
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: "6454A4F2000212BC64DCA0A1"
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: image/jpeg
cache-control: public, must-revalidate, max-age=4320000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 135868
expires: Wed, 30 Aug 2023 00:13:05 GMT

GET
H2 200 inscreen_lib.js Show response
gdetr.hit.gemius.pl/gdejs/ Frame A77A 25 KB
10 KB 109ms
19ms Script
application/x-javascript 188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/gdejs/inscreen_lib.js
Requested by: Host: trgde.adocean.pl
URL: https://trgde.adocean.pl/_1689034385232/ad.js?id=xyalWXsETQAadqVh5LCXRVWnXlZNYPrVMqd49pKCGdz.57/nc=0/gdpr=0/gdpr_consent=/redir=https://ng.virgul.com/ct/649563a3e4b07cc95f8808f6?userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&sdr=&et=&r=153183@site_geneli@nefisyemektarifleri:site_geneli&l=&info=&t=banner&cs=1689034384752&m=
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: c3b1ca5d98d4076ec5875d96d79179647df3148e16005ec6c2b7e131eabecbb5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: gzip
last-modified: Wed, 28 Nov 2018 10:03:50 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: "5BFE68060000651BD04AF2C1"
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 9748
expires: Wed, 12 Jul 2023 00:13:05 GMT

GET
H2 200 css
fonts.googleapis.com/ Frame 48FD 8 KB
823 B 49ms
22ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 10 Jul 2023 23:43:06 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Jul 2023 00:13:05 GMT

GET
H2 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame 48FD 15 KB
3 KB 37ms
13ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.css

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 18:51:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278476
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2883
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jul 2024 18:51:49 GMT

GET
H2 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame 48FD 371 KB
127 KB 38ms
14ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 10:39:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 394439
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 130330
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jul 2024 10:39:06 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame 48FD 20 KB
8 KB 52ms
31ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:54:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22739
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:54:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame 48FD 0
0 106ms
26ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTjlpv0JNG59riWahcP4G83frKBG9-fJML2IaZKhiJU-FvD3YCsOB1HxOwp45zpD8weeG0eiVYFENctTRHjTvrhZoLGDQ
Requested by: Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame 48FD 24 KB
6 KB 57ms
36ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 191256
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 07 Jul 2024 19:05:29 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 403D 0
54 B 232ms
132ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~ljxjgoo4&c=5136533165635&slotId=2568266582817.5&qqid=CLyWnbSvhYADFf0BVQgdfQAICQ&fb=outstream-lima&vast_v=3.0&vmfc=12&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 403D 41 KB
15 KB 47ms
40ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 04:59:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414812
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jul 2024 04:59:33 GMT

HEAD
H/1.1

200
OK

2
r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 403D
Redirect Chain

https://gcdn.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signa...
https://r2---sn-5hnednss.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,ita...
https://r2---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,ita...
https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

133ms
16ms

Fetch
video/mp4

2a00:1450:400e:17::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0667FD83D57C6DA342DA65FF274DA1C70FCF75C3.24D0216FE11F3EB8AC5E353467C706E3C0412171/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/5a5c0f37f49fa3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689033887/mv/m/mvi/2?ir=1&rr=13&file=file.mp4

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

HTTP/1.1

Server

2a00:1450:400e:17::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 00:13:06 GMT
X-Content-Type-Options: nosniff
Connection: close
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 2220696
Last-Modified: Fri, 07 Jul 2023 14:34:05 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: video/mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=86400
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Timing-Allow-Origin: null
Expires: Tue, 11 Jul 2023 00:13:06 GMT

Redirect headers

Date: Tue, 11 Jul 2023 00:13:05 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: text/html
Location: https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/0667FD83D57C6DA342DA65FF274DA1C70FCF75C3.24D0216FE11F3EB8AC5E353467C706E3C0412171/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/5a5c0f37f49fa3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689033887/mv/m/mvi/2?ir=1&rr=13&file=file.mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=900
Access-Control-Allow-Credentials: true
Connection: close
Timing-Allow-Origin: null
Content-Length: 0
Expires: Tue, 11 Jul 2023 00:13:05 GMT

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame A899 22 KB
8 KB 41ms
38ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://ad.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 493352
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:10:33 GMT
expires: Thu, 04 Jul 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame 2812 624 B
242 B 68ms
26ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjJmbXcATAB&v=APEucNW6GKtIkfl49qg2Wb83SIRfZQcI8DuhLUWwlBS4_Rc3QRrxOY45k37KPgToNkfyfbNg7qlmho2TCiefAx-lRLtnSuUUNDGWv9pOzo-CtFjZPYqdcLSdzBwr0DVvXO3zS-O1O0vvAbed_F-3HbFKsVTlQDfA45_RIOI2myowuLcuTKSIvVA

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame C9C8 78 KB
27 KB 82ms
45ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 00:13:05 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9C8 42 B
63 B 84ms
47ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-AYhBFgUCuAzrLl4VlQI3WiszlS8bkLNiD584WCQcS-na7D69AcfqBaCN9hd5i6Dl63fQjpzWUOSyFHZZ_L6-zeR37fLxnkPyShh2SbnGFvPXJrayo

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9C8 0
20 B 83ms
46ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=16072255406061897398&x=1&ct=76

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame C9C8 3 KB
1 KB 53ms
16ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/window_focus_fy2021.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:54:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22738
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:54:07 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame C9C8 20 KB
8 KB 53ms
17ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:54:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22739
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:54:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame C9C8 0
0 72ms
25ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaTSaQvHUnFNv1Wgpg0Q8qgiOGVJjpafbDf6fnnDQ0i8q02KvG3XHvnwDL2-RFOUm5sMacqaEw-XddWQsLazPQb21aGwVw
Requested by: Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame C9C8 179 KB
56 KB 1112ms
1066ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bf958c032ce083c26ae980ed92d0360c971e87c183d6bd988e770fc172786c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57266
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688579601580341"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 00:13:06 GMT

GET
H2 200 view
googleads4.g.doubleclick.net/pcs/ Frame 72A3 0
0 96ms
52ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjst31KT1MkbP0dHZf99Oj9QXlkwXLrhVSH9udni0GRttOGzhBaCEvag-Sag6E04NoSvqrSVTeMLWNefDdV5hitDxyCXT3Xq5Qv2sKOMZ8mGEkxkf2BdroKWnKAs9nYSxOiV_CND5mfuo_tdH7nrV9vyefELtMpuF3rWjmlmW&sai=AMfl-YTYvyLLGi8IJQ4qoOhCIYXCkPwuF528Fww6Gc7N3JvJJBN-ClPdDjA6YlRRxMPg4ajCJl2qNLDZX_U1Rt_t1IJOrzNe1SHy4-uh7w&sig=Cg0ArKJSzCJlzfsELjWqEAE&uach_m=[UACH]&cry=1&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=119&vt=11&dtpt=117&dett=2&cstd=0&cisv=r20230706.29221&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 11 Jul 2023 00:13:05 GMT

GET
H3 200 container.html Show response
a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame D729 6 KB
3 KB 33ms
14ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:04 GMT
expires: Wed, 10 Jul 2024 00:13:04 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 5e2588ac6f82ad050a013a34
ng2.virgul.com/tck/imp/ Frame 2C63 0
222 B 58ms
48ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5e2588ac6f82ad050a013a34?g=1&t=gb&r=153193@site_geneli@nefisyemektarifleri:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 00:13:05 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 5235 23 KB
8 KB 19ms
14ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 63097
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 06:41:28 GMT
expires: Tue, 09 Jul 2024 06:41:28 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 container.html Show response
a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/ Frame B9FF 6 KB
3 KB 18ms
14ms Document
text/html 2a00:1450:4001:809::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:809::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, immutable, max-age=31536000
content-encoding: br
content-length: 2653
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:04 GMT
expires: Wed, 10 Jul 2024 00:13:04 GMT
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2812
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1

43 B
766 B

9ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjJmbXcATAB&v=APEucNW6GKtIkfl49qg2Wb83SIRfZQcI8DuhLUWwlBS4_Rc3QRrxOY45k37KPgToNkfyfbNg7qlmho2TCiefAx-lRLtnSuUUNDGWv9pOzo-CtFjZPYqdcLSdzBwr0DVvXO3zS-O1O0vvAbed_F-3HbFKsVTlQDfA45_RIOI2myowuLcuTKSIvVA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 00:13:05 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=499
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame 2812
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://dsum-sec.casalemedia.com/rrum?cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D&cm_dsp_id=85&ixi=0&C=1
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKyekeb2HoFaDortVPyq7QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1

43 B
766 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjJmbXcATAB&v=APEucNW6GKtIkfl49qg2Wb83SIRfZQcI8DuhLUWwlBS4_Rc3QRrxOY45k37KPgToNkfyfbNg7qlmho2TCiefAx-lRLtnSuUUNDGWv9pOzo-CtFjZPYqdcLSdzBwr0DVvXO3zS-O1O0vvAbed_F-3HbFKsVTlQDfA45_RIOI2myowuLcuTKSIvVA
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 00:13:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=495
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame 2812
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOLyMwrBbmRo5emRqDF3lm0&google_cver=1

43 B
843 B

8ms
7ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOLyMwrBbmRo5emRqDF3lm0&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjJmbXcATAB&v=APEucNW6GKtIkfl49qg2Wb83SIRfZQcI8DuhLUWwlBS4_Rc3QRrxOY45k37KPgToNkfyfbNg7qlmho2TCiefAx-lRLtnSuUUNDGWv9pOzo-CtFjZPYqdcLSdzBwr0DVvXO3zS-O1O0vvAbed_F-3HbFKsVTlQDfA45_RIOI2myowuLcuTKSIvVA

Protocol

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
an-x-request-uuid: 5d415578-8ffe-4675-8692-f324d36a9c47
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 178.162.194.30; 178.162.194.30; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOLyMwrBbmRo5emRqDF3lm0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 2812
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://ib.adnxs.com/bounce?%2Fgetuid%3Fhttps%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dappnexus%26google_hm%3D%24%7BBASE64_UID_ENC%7D
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
an-x-request-uuid: 173b5df6-f6a9-43ef-9a9f-53b04326a590
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D
x-proxy-origin: 178.162.194.30; 178.162.194.30; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 48FD 0
54 B 121ms
121ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~ljxjgoul&c=4543384542910&slotId=2271692271455&qqid=CMqjp7SvhYADFRkE4AodtPIFVA&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 48FD 15 KB
16 KB 15ms
14ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 198530
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jul 2024 17:04:15 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame 48FD 15 KB
15 KB 16ms
16ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 247358
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jul 2024 03:30:27 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 48FD 0
20 B 49ms
49ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=CdHTqkZ6sZIqXB5mIgAe05ZegBf7T969czs-92OoCwI23ARABIABglYKAgLAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQXgAgCoAwHIAwKqBNwCT9CCEp6bG5tnVvijwNAo8XlrBb7xrNDwZxej5J_PPi4ry1qbgIzLvRZNwMedQNYiyL_NCo-RIRAVGSBAWf3Gq19ZYDgyd_7iTcf80z62S25LyS5rkub_R8I5_5VU80ORbTkA5p5qmdT1ognPvAmJu-rxc7B29QLfLFL_pngC7Np6Mk2RSPrvfe7xoXi5Azzd3athX7Npdm8cO7j5SH2Saf7L7hxRYRKrwhmSZn4v-KOphxAeMKkodY9r2-gpMr20-3sPSj1ubVZQ4hTJgknV4X0x8cp_yhsAVnEK4rX1I0mm2aQx1Uoux25JYt7hLE_8d1MpsspkduR_UV2Y9SvbpSgh5oBueeJWh9yCtT0UMxldlAqJzyN5Cy2v3yOj0KZBtmwES14alg6y-5zC89PFJ6-FGFQYnPZL84LVrLvEYeGU3KUMNj9c_x0u7tu8kW8Du73pfmCfrqH4YIPA4AQBgAaJt8D-9LTjbqAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjE0NTc2MDk4NDI4MzEzM_oLAggBgAwB0BUBgBcB&eventType=clickstring&clientTime=1689034385659&ai=CdHTqkZ6sZIqXB5mIgAe05ZegBf7T969czs-92OoCwI23ARABIABglYKAgLAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQXgAgCoAwHIAwKqBNwCT9CCEp6bG5tnVvijwNAo8XlrBb7xrNDwZxej5J_PPi4ry1qbgIzLvRZNwMedQNYiyL_NCo-RIRAVGSBAWf3Gq19ZYDgyd_7iTcf80z62S25LyS5rkub_R8I5_5VU80ORbTkA5p5qmdT1ognPvAmJu-rxc7B29QLfLFL_pngC7Np6Mk2RSPrvfe7xoXi5Azzd3athX7Npdm8cO7j5SH2Saf7L7hxRYRKrwhmSZn4v-KOphxAeMKkodY9r2-gpMr20-3sPSj1ubVZQ4hTJgknV4X0x8cp_yhsAVnEK4rX1I0mm2aQx1Uoux25JYt7hLE_8d1MpsspkduR_UV2Y9SvbpSgh5oBueeJWh9yCtT0UMxldlAqJzyN5Cy2v3yOj0KZBtmwES14alg6y-5zC89PFJ6-FGFQYnPZL84LVrLvEYeGU3KUMNj9c_x0u7tu8kW8Du73pfmCfrqH4YIPA4AQBgAaJt8D-9LTjbqAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjE0NTc2MDk4NDI4MzEzM_oLAggBgAwB0BUBgBcB

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 48FD 0
54 B 121ms
120ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~ljxjgovv&c=4543384542910&slotId=2271692271455&qqid=CMqjp7SvhYADFRkE4AodtPIFVA&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.hq&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame 48FD 31 KB
17 KB 50ms
49ms XHR
text/xml 74.125.133.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DpPU-3bw2jq-baW3FFfe6IvBr_AhLZaVQR6pOx-ny-ic0rC1dj30x5uab6Ljkahctu3D60GYY-ePEFlWzrXJ2M7b5PDQ&cry=1&dbm_d=AKAmf-Bhjdh0MmMTi-3-9G2pS8xWUxKQXJsLwm6xWaHsUuyvNoXdPKsCMNANI6hr0UiM14mbAHCDnNSKoZOzg1JUHx_HcO9EL2Qxb3A9p63FTQfh8RQr6y-v_bYtl5PqXkMfgBz0Yi5qWcijd9XarKrYudAs5b8uzxHEFjQuFeDl5OmGDNIsmqeHcpfF3cd6wac9i7bAbVkHbEvUSgTZlx0hHzfxC0225IT8U9BBnKDNbaJAgqvzRYERwJnxbQdoKD1Kgo3reTLZDZbK50q4-HITygp65nGY8Tv-Sr2ryxOfx7bb6ErXj5NLk1HvipfzkSaO3d21g_RwuEW6HfMIWP7s6XuQUxDYN9SlCZEwxP8Y3TLBXmBvEV5WjC920fdNPKZDK-haWwQbas6r516DV2Oq0M69LtkJmxfCFIt3wCF8C1I5IW6uhhCOAz0r9nU0CLLnFkBqxe9P0x9Iaj0CGWXyubJIuGrZilhWLCJ2YYQYQE7loTBJNiMyBJ_B0tg8Ehe3DcQnaYKROcL15x21Kks5VIJGK3kY4fNB9U80hbMMQLo3xh71RTXmRtcI9i0amHXtld5bYX1bmGnhkB_f3af3U5Q5tpyRe-fbDa3rDPwvGDSTHQhpAh61-kSEfk7NwlvG7Dn591B8ihd2Rg45AciNHM6T5By2ZDXNJaR6Y6K7mIhnv-bBOkjUxu_kRL-xF5B9cx-1j0qN38DDV7TbCIOTtui6XCbyRxpBVTmhhCvsse-G0_NVnYhI0kaGrhGy3n_64a1kNQn1NLsPP2DExT8hCYCZwrCkSTrfpycVFiquW6hds5Wu9_B6KtOSW9TFaIxM0JdfpW08LGBxIk9fwPVFh0L-jus1EO8WZHAC62ExlGbeF0y53JsgSGpSG7f8fH4ltZb8XrlmTZQ1Oh2T9sSymH7GRNUcWkkoFCTcFzKmjoa5VtOHpNXXPNywBDj4hka-tD9TUgJPbO85WoZFqKgAJ3jSmK7kiRy6ob4YqE38_eNhDdUUEcmMeqjqvKRlEdVYYXPYgboSvfv98yiKzfuXhntIQhfLLLpCpP9CvcKWimrCUR-tiOXm3UREcK8GENk8wjyRalzeLuYeEkoMjZoPDVH07AwjTFF6fw_Hftaf_TiAWK0CMahl-p_WKLFvgsYuwpbnk2ApeLGYOUu6nRcZlQ8TdMkKwf6bDG20sTaMi3VDyVihtWm_y5AexASVxHqbjmYRD1qeFQ47QbErEf8aGjn-tvZ2s6UNf3SDSakEOkN5R-vqOGHVf4V5SbJBWNgIl7L1m7NC_x6_bOrYQSGREtQZmSC9KO18QnUutSRD75IZPEDMPd0m7vJvVcmMqHDdgr4VtyoSnoEUNaWPldVZd_56Wvw0AgaB_QtZn6kM53zoFlAdiWWa8NMQ-uphTf8av5M-b8YZWTTxB1Pe3oJVMzqZWOnl22NDORubCoN_yzDEmLd7wQrt2seYgBhkyr06dsvNzoVV8bWYmcjYAobRqfeDtdJxuyYv8LwCyNKyIOo_datlnqzqdrnzFqJEVA7FqwiOW9K_RrQID3v6VvDdTATYUA6FWqxNiKg1iZJ794mh-2bIlNuewQfxmBhdZ1erExXZIDyjm4Hw6QLoDsw6ErH9fUR_Kz8NgFFCVIlOMKBapO18yqu1fKOSRRHDiC1oLgzREDWcLiWnFavHEe7lvhsKfzTBqw4j1MMFk4oNtJjlBoNlYNmYzOY6FKDK6XZeglGOrHz7XqxEzG2QG5T83edOPh8l3eA1_nVReaGGPWIvochAZ9hxva9ynGxM7kPXXw3SMT7DmVvUowQkkpa5KuMDA56SvLgGUzMFhJXdiL-LNkdOtbSYrnu7JQ-yQhS0NE_l4VvEs0f4rryIxP--121CtWnvRUGaXYJ08bjdqJ9ASm0FXGt3Pf1ttnwo7hui00audENkCI3VG7ON1q1rzS0sXAr5v4A8cB7UTcxkXDrBVA3nQ19Cwk09yvCtxXVFseUSckmh4p2Vg1qyQoqXNATaOKBpL2ShDdSXjWw3VbTj8eF4Uu1RCazH0Bi2LqTCNC5oM3m3NSdfH6iNhkjypO6h9pyNHob4w_O9imvcdJ6dZB8UhWIB3MiCA22WvwX7Z9P5QNpjsI4o6RG92jAe0xQYNNd_OXgOVCk9OrbqjAxvsRlEhOJWJLIwVHogsxrPqCV0olXe-mj_NS9VwSNbfMDFB0DQ3sezkJWHtNASOjEnfEMqEvJPE7obCpHSr5tZf1KVscn0KoevQh_yavQgjg7Y8XwJVdvOlSYuuRLoISCJzN6Ces9B9q6WdptTMGb7DK1z-cTw8O_k8BIA3c00RBQ1iUjmtOFfLPFNyK1UFbih0WCIPB4U5ViwmwbfGZZBCegtaojqZH7jfzE21p73xgU3IEdP_W1VYd_RE5pMHdofdOlaqEYCq9Mywd-kEJjCFLtOyCjoInZEkuveCd6GnhbdX97sWGHfR8xKXm7dT6zhEhIk2MtImA9zAe2_lemNKGGXCSy7b64SGn5isFUoIeR2HXREXWHhVo4qsYYa4ooBaUk9aCOuGOa9WDABXbVzDA_UMJuL0BzmdimCkYdBHq0zwHPAi9Cj45AFbZjdJPcNRd_pFZXRCQDvGgsDu7f2F3Kc1nWpefqcyjFpFsCkFR94F4xZCCjr7mGqRjUimqQhL2amSRT-no3vd2SIxsZ-a3jxSSDXnAM3M4DZrmOPXbz4bW_dI3VaZMTdHI8eIL9MiG8x1qK4yFeqtC3asOUdLjHn56pf5hUKj_urjxnOh3SDZ9lO5-z7QUv5mlY3leCdQb0KAk4ASLq2ZmlRLl0y-4hA5afbkVCZTA07cboEMhgTMU3qPnCdJSg6o52qK6FPKwsen8SkgL0ImxILhWnCpltMN_vY4hQDv_IlcKnD98B1Kwj_cLaA6NNi2eXWbkeNLDok0IcPqz-odk_UxbG0Oi7qjAiy9OU5Gr3PLZn2LQvcQ2UIn04YnqCElmqNeCGdqxisIRPdHr6KztYPOiPHjLDVtyP1LAg9fd0nfhnwwsLlnUDadzTJHEUDaRpCi_ZfnoUvikN_H5sA07zCl547-PI4fLCSog89YWoN-8KBU0MeUDAW7eIIHFCHcnfVhibCLrUEr9D4FyYmKaq5pUGZN-VPiTqwm7kY-hkcUMTULtwXzrc4WsJkyBGU_yOBamYKY1jA2IV9AuzjRKnV1UW8NSitLVxvU45wPq8Zcgoo6t6Dwzw_hK1Q0MTAAuKfkEM3Ns6BYzymB_DOMOGqJD5VAF449rS9dWbvrrvbzvFjv4I4mlTqDnxRa2tRdv_LEF1nywJgd584xEU03TxyUGxEoRWQZo7maWlSNU7dqSPEuxAJeUxPkI1l2Yixj0g4VSYtXN1oXWc6bMED26ABv1oGhOo1i8-nEh8duLsjOVNguwENIX3YxtyjZW4MH95xmKK2BDuoeE-lVOOffexP-Un55QAAXlOuXVl2aNFY8JVRWpUqAmxSw-50B2K4V4F1fY4mNBDqf-1mzNFV6u2s1Fpg_jBQLIfxtx2nXQWvxss4qWkbc4Fwly9A-88G_VUGMrE6DkXq91pMhzdLOVqi2hVA3ISZUAfhcZUlvzQwRQKVe0iFdl8OrcrHDwkgFMYCQ3cDxIxzC38OjNfQx8RIx2vokpunAJVNqlk52Ow7W8FH4ziBrLdmLrvpM95duuqhvwo6Y3v-hNKJbU5dD7c97svecUICzpu-&cid=CAQSGwBpAlJWE8cF-TGi7LzBB6zyuIAfWM6KCnVF9RgB&pr=8%3A7AD512716DA77DC7&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

74.125.133.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f156.1e100.net

Software

cafe /

Resource Hash

378831a6813642059afb6c949ace42d6be131d5387f7b476348cd2e4702c8370

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17177
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 css
fonts.googleapis.com/ Frame D729 8 KB
750 B 24ms
23ms Stylesheet
text/css 2a00:1450:4001:829::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Mon, 10 Jul 2023 23:09:00 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 11 Jul 2023 00:13:05 GMT

GET
H3 200 outstream.min.css
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame D729 15 KB
3 KB 16ms
15ms Stylesheet
text/css 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.css

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Fri, 07 Jul 2023 18:51:49 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 278476
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2883
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Jul 2024 18:51:49 GMT

GET
H3 200 outstream.min.js Show response
imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/ Frame D729 371 KB
127 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 10:39:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 394439
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 130330
x-xss-protection: 0
last-modified: Wed, 17 May 2023 00:43:28 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jul 2024 10:39:06 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame D729 20 KB
8 KB 17ms
16ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:54:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22739
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:54:06 GMT

GET
H2 204 l
www.google.com/ads/measurement/ Frame D729 0
0 25ms
24ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaRjwUmQq4p2al4sVtmUy5LsFcKDpODHj3qLSxpmsnHTKu0twW6JfePJKb1_f_Ibr-akDtI_82bWh_1tzug9uaEEfOIXxg
Requested by: Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 ext.js Show response
tpc.googlesyndication.com/safeframe/1-0-40/js/ Frame D729 24 KB
6 KB 18ms
17ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/safeframe/1-0-40/js/ext.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 19:05:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 191256
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6402
x-xss-protection: 0
last-modified: Thu, 03 Nov 2022 19:10:08 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-gpt-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-gpt-scs"}]}
content-type: text/javascript
cache-control: public, immutable, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-gpt-scs"
expires: Sun, 07 Jul 2024 19:05:29 GMT

GET
H3 200 bridge3.580.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 0A43 713 KB
228 KB 17ms
15ms Document
text/html 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79c277fbe5ccce5c88a681d39733fba8d6c31f1812f8952ec3a5e35b2b0beab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 262671
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 233312
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Fri, 07 Jul 2023 23:15:14 GMT
expires: Sat, 06 Jul 2024 23:15:14 GMT
last-modified: Fri, 07 Jul 2023 23:05:23 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 2C63 44 KB
16 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 00:13:05 GMT

POST
H/1.1 200
OK 10710800 Show response
panel.izlesene.com/api/player/npm_nefisyemektarifleri/ Frame 2C63 1 KB
1 KB 427ms
89ms XHR
application/json 185.7.176.4
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://panel.izlesene.com/api/player/npm_nefisyemektarifleri/10710800
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.7.176.4 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: nginx/1.4.4 /
Resource Hash: 97cca378266a80b45a00de0c6f7731328bfc0ad7e6d9b6428efe3d76be2e19d7

Request headers

Referer: https://www.nefisyemektarifleri.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-type: application/x-www-form-urlencoded

Response headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 00:13:06 GMT
Content-Encoding: gzip
Server: nginx/1.4.4
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, POST
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Expires: Sat, 26 Jul 1997 05:00:00 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame CB85 39 KB
13 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ea555c1e979c28e1d20d729c64ff36b267b83dcabdefe96460d9ae860e4082f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 23:57:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 912
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13681
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 22:37:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 11 Jul 2023 00:57:53 GMT

GET
H3 200 nyt-logo-duo-200.png
mn.nytcdn.com/wp-content/assets/img/ Frame 2C63 3 KB
4 KB 46ms
44ms Image
image/png 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://mn.nytcdn.com/wp-content/assets/img/nyt-logo-duo-200.png

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3002e63c4d3d76bb53d4618f047d2c0a50b692602ea8d6f19ef19bd1dfade34

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
cf-cache-status: REVALIDATED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
content-length: 3269
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:37 GMT
server: cloudflare
etag: "623c12a1-cc5"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=koTR3nTzqvDN6DdM3BiQQvUVU%2FmvV5CAWspzN6nXRdJue4NH1ws6F%2FNFUn4d5L1cXBv1wc8l7BeoRTVGCo1H6ACAEURe9dLRnTkMtWEZ3oo3WC%2BWl4zqnT%2FInhG%2B2CLyPigD927lIpDtz%2Fvd"}],"group":"cf-nel","max_age":604800}
x-varnish: 154969503 154734174
content-type: image/png
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=14400
accept-ranges: bytes
cf-ray: 7e4cd6aec97b0a58-AMS
x-nyt-cache: hit cached

GET
H3 200 JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js Show response
pagead2.googlesyndication.com/bg/ Frame A899 37 KB
14 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 11:40:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45149
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14572
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 11:40:36 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9C8 0
20 B 48ms
47ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=556261232221&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9C8 0
20 B 47ms
46ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=556261232221&version=m202301230201&ct=76&x=1&cor=16072255406061898000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame C9C8 95 KB
38 KB 56ms
56ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AZbyXeukZYZ8yM2l8-Qaz1pcA89-2TdLYX0OtZGPOM4WLYJ4MOGbJHuitkbYJE2jXc6EWSi0-ZW87CeAlAV32tGwxjqSk0jio_3hOE99LKURiw4Oo&cry=1&dbm_d=AKAmf-B646d1qPktW7kqGYGyLZk-1fx5RedGJyNDlqkVzJZV9WyDkW6DYFilqojmHPjJJcPTdzEO7EmiZqoifNYhxWDR-41iB4jbG0I2gAtcdV3me6HabpAjXNMehGy_GMCeqf1UbFOIom-uVOp12Cnnlbf3q_4O5E4T9bv_Sclw6w2jjDRNh0u00aV2GhBNQHSjAcZImivMlPE2NcrqmEoiW_k-Wc6vWqFVzfAZWj9Rl9ulL1_HYpCIilGDEYf0ILr963I7iQ3qmF5ir6qfz8bMuQkCeyPyuisBwCDPREJusw02YGuRKpurMxYUWBOQHxvIAVRe0L0NoLAJXUlV6qQpOJnv9fniw2BDWgDou447E71CiflzfUZR8uarMNEQSH0lJLB1uapuQJgGBcBG5VO_uXEWqtbAFlrBw8hBs0P9yBldkL1M1NoC0f_5qPX3FqlqKzltm57HaQwy-PlyXrkUDrxg0kF3NnjWafFNJo6f0D2po8iWB-5OGDz0wWHV5OoXBhmQLowewNerWgNwKb-I_C4EArijjXr3tx03w9_piUc84HvZTw3q6gBS9EJvQU83j5cQwse_FlHaNUrDoJIsJ8dg0ul50sgzn_LoO3IWDIh1L9zP9-E6mCWgCrnYnsxWcHdEtEPoXpIACDiyPtXfhq84kVBvdqZReWD-kdugvIoNy9noQV0F6ifMHPcl3yTZPxBC_sQdRu6zYWjBgr-rr14fXIszBDNt9xKBVtdzJV_gMZOZvQZ2yV5nnNCfC8GXSi2Gk5iGCSUUv5v1IyFlhiDB1l-gJTc19XeI5KLuujYKEi34ok37kRJ3FAsW2iELRT4rx6LO46ZRf9YXhceaRnEggQyWpy_9kNcR2IQ0ayCZqOAxIeUyO-9AHZVCyDAyVlTlieU5c0pwwBXNWv_sJkNaUEs3nrUJfHRBZSwoyAGfbAAqu3NxcYN7fKy-_bIsoudIiYYAoCcGBYmfASoDud8Ck5CjTu_C_7qQu3700j6Zd6TXuo_c_MH0-9Yzy1soZ2Et0yjAOgIrclfE-Ahrz8S2vvqN4Icf8wM28XZNNH_cELFFMLkZau_Dja-O_sX03jQep7Nir-rzzgs-q59lRrKGGMzDtTqFBSm8f4dUgfLx3vyK3KuZn6Q3-4ay704P4zCnzDdzAKr2epgRpy-CUI2nGHqMavX7B0RO8eFwofX_4A_FCdjOle-sLxIwHkXp9NZYswGuMRqmaIni-OBRaBy7S088UDK-GjDMmsez-rwTD80U6TzdqirIOAmMkhhvLPYIJJfX6eQnAGHoQ_coax-PbUkMNTM8sg7zf0uF0hl8JiHq3ZAB0GrirPHDOrPDzOVgAf04ApxFOZsinlbshXaJ-TgzC7pNLyc2BardPlz2kz5gqTC5mCRxrcNrra3MI1vCHtSlB8aYYAZnmd1w20mqgx0_sRcc7EIVCkHRPQwTCLc9eBGR8tM-vjd_dzJNw4I0KbIzt4zRB1HRgG9PT371oQQ-3frK055Ghxv25kwM1HZW8qxmIo-4P0xAG0xUUrfSYe9uwUbpKvfT2g_gK79gcbTIAH-rRPeO7yX-qAxM68TvjMpaFIbok7AMozADZHH3YpPy95GHcIW4uGwU8f7ttcHlHW31x01Wq1wV5wm6PvioZZhrxA1jDI4WU8dbbFmRecBKjcxAd3uZzyp9l3fUADGcMbaKmswYYkpuDLEYovUXMBhD3DdAIBv0pFI_YDviiInqFCn32aD5Du-PI_ceXuH1lvI-wyvq5ddz_0LEa05WgdH7FRDGaOInUPOkkHbS6fpyeYAs20l6UMM0Ho0yOH93inoQ6doDyV_1sqeWR9BAR5zRweE9AErsWJsY7aUEASsqZM0pW1Lw0KJrYNfYhTGA6d97GJUJ6ZhE-s79vZjc67j3viDeObqytfoA5C5Su3NMzEUpFYZ9bD9cu2zpmczERRLWw0iYIKl8Fo8evh7bza6U-_rCBoTIsz1pGPBiP10Gd9dy5TJXVqEpQlovilRoHU6mTnHruI0tBVL30SjL7aAqKDJzrv4_UHegf6y3C_WD8LG_xgxwjyZX7hUDY1GudBaC3KY1bynTDoHUMhKt86lLuN9jC524XXO8fcBZOOS5sfjqYccVl9gNdp_MdbQIxRdgUxSG0xSLs5mqZOyzMFIiWgeCudYnd70QeqzbwJnOrPyUup3NSaxzSqutE0yk5buYtuscxand0CutReIBP-4YU-9fgYm9ygYZjU-_b6YimfKfXPcxuldeSfaZBXZWAv4B34J3zuNVPTPWyVjmMX6PfH5lndhnxCrzZLiC11U_6kb2bp8Ftavh4PnqGsiKzh6Fl6npp7KuBe3qgCQqHxz2u79MPxs7ic0aJIx6733OmyxdYGYyQMVfRzsgqL-vvaj60I6OWAhu86Fg9fMrY92jlz_Ip51740C61-PhfBgbYPPgtt1PC_nnygzTMpqWzjCrimJnQPUbAykO571VQE_rKnITixYvF0r5hG0WCVpReese6BW5Ku9mC6vdyHmj3rluOlt7YalYb0Eb_ZoyeOqG-1OwFAxffUc28jJrTquN8b_hk58xgir9WCzj5nvAel3fmqtExPm4Svbkrf6HssA3ISb8H618wADwSSgqKE2dTR9hQL8uUnYkM_fCS72BBsalnndRAd0P4vjZXgV67XvcOKVjNNz-8VIQdOteZr6mUD_evtSguYXwGEde2bl_JXCk5-M6wWdTMd822vtibsc9u4omHLhWL8UySVkgv7uRR1o7xkbGHvKGsFlpOc7djtPe5dDUNzrnn_-clIFUxA2Ab2H0UuT3_av2cFIZglwM8dFz5_sV9Mm9qcHxgoW_SIOpEHsk5GqKHR6Q7aeY6aiUhuw4YXGAJmDZUXJ4JufBiq5hZ5nUeJHaLinGpw1Z4x7Iiaw89HqNIPNP1ZGdWsB99CXnT7G-MDyNt8zM39mnYHqQVcdjjJJefg6IEGra8HpzCxcMwy_JxsbeRXJqJqgHYN6VpAPkTTuC2tdLOBtJh2LGlDVQCHcyyup9CAa7GnsMVKkbzLh89_HacvDUAR6adlXWk_TVpNz4w571FANV_RX_Za9VHNjD49vLOJPDUlmies3cO4Wcm0E8u29o-jrLiZie2dp7tPHdpSnciRmzJU9BFU-F2Lod6fOMnYFxiTP3RRuUcxqEfyWy4RceDTxpM8jbbLk0gYBBGokFoh_Ix3218G8Fwpt3dzDuwk8VdzlJpllIenC_8FboyerUPGC2yAbsZIy0zlGT1S97o5H9k7ndVQ8k95Eg64V_jF5_G1pH2bZ_c0cFASe0TMzF13ZZ-9DNuBSTh3Clhc5LrmmNlrW16KaHrXAc9QgtfnImkNZMe7fsoacAG5pr-mVy_E2WWd5S9CALDujYNIfdo8GadZXdgRod1EB2TDbTjZQ6KqeXsq1-ayOjW34Jr0m091H8mMroEm88ihuf_IxoL29LDS2ejXV2J31FVs_vAmB2RijeHqQdcRrqMkWixVNfnDV69Dc3bwLVP2IGiZ2LzqZK0RGcYSVBmROp6ms_UuakUAtTV3IHXreNV0aIvUlpw3kjDZe4QLfsmcHmWUblEvZI95oSgGJL4Pl4lNaEOFdOYES-Pj8RlOTxVnDvBMSn5xGpW7NafxiIVaHS0i1HIPd__2PkG7q6q9QYR_3nE1lm_WaJ72Q3jA4V5FGIf6-gBHLasAuqWShZeNsWnv4nwIPwuYSLXEvh5vYFcvCt1P_lgCjSyvZq8O6rNuzUWIr-mmoSboXgoU6LumilPJuwMcj62lkoKv5s40Rrxtr4jidxhtsBcqOQU_AyzeK4Hh4vWy2dms3gvbpkHMFznr8o6QsL1PoBCU8aO4WbLyowxjUmXsXRx29723miQ5ZDy7Cb4jTMBTnVarbB0VRnSJsNsP7rPoopW8CQNOd8m9Fm4x7UUIAo4RPQ3A1vGHKwyG-VVc7JI086a-CTmOcncUU1H2Nq&cid=CAQSOwBpAlJWhMBX21LtwguvTbrFKkxWe7kNaXNQpy1DrTcufnuV4oxPwINGzWPG8rNLOePa75rpHFTdv625GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16072255406061898000&adk=3563752640&idt=84&cac=0&dtd=30

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7651e84a25717b2c9fdf7263e3141b46b0c9d8e27e62824d7e6126f30ebbddb7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39050
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame BA23 1 KB
643 B 15ms
15ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 26429
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Tue, 11 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 pixel Show response
googleads.g.doubleclick.net/xbbe/ Frame D9B0 624 B
242 B 29ms
26ms Document
text/html 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNVDLE-7JHMG4OnrYC1VOKxMfo6ICX6UvMyM-pWiYqc7TEcwQRyKmBqqNIK-P3tTXbjT9iqhOWDpW12vHm-rk2ZCEQjnMdsm7t1sHK8PN0frVWNmuWAMGOZ7Ez9Lr-Itz3WxZGQKlXva3sH7z2AqZoJlPGr7oaxNk6mtio1r9go8wov7Ld8

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-encoding: br
content-length: 222
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:05 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 dv3.js Show response
pagead2.googlesyndication.com/pagead/js/ Frame B9FF 78 KB
27 KB 29ms
28ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/dv3.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 28042
x-xss-protection: 0
server: cafe
etag: 3261498652431352696
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=600
timing-allow-origin: *
expires: Tue, 11 Jul 2023 00:13:05 GMT

GET
H3 200 gen_204
pagead2.googlesyndication.com/pagead/ Frame B9FF 42 B
63 B 50ms
47ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=xbid&dbm_b=AKAmf-BFo7ah-tr6r-Q5Lbfjd5rdZ_gXuECTTOPooRRRPKc1ugmLamJpsQkIg_9o3ht9rNj9g4bl35kvG5l2HVbQDbGr-iscM4tRwwI7_EZzxZGu-l8NLmI

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B9FF 0
20 B 50ms
47ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=fetch&cor=4809427012711553131&x=1&ct=76

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 window_focus_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame B9FF 3 KB
1 KB 16ms
13ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/window_focus_fy2021.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:54:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22738
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1236
x-xss-protection: 0
server: cafe
etag: 15004572836499977866
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:54:07 GMT

GET
H3 200 qs_click_protection_fy2021.js Show response
tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/ Frame B9FF 20 KB
8 KB 17ms
14ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/pagead/js/r20230706/r20110914/client/qs_click_protection_fy2021.js

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 17:54:06 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22739
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 8314
x-xss-protection: 0
server: cafe
etag: 15120507268597061312
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 17:54:06 GMT

GET
H3 204 l
www.google.com/ads/measurement/ Frame B9FF 0
0 24ms
21ms Image
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.google.com/ads/measurement/l?ebcid=ALh7CaS3r_FGZ-vzSnkjDaawLe4TJKOfUuvRVbZv5VdDabVHbjKjQ2sKxBGjgOH5F7e8PeX32NuQouuqU65aFQZK88C1X0493A
Requested by: Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H2 200 rx_lidar.js Show response
www.googletagservices.com/activeview/js/current/ Frame B9FF 179 KB
56 KB 842ms
838ms Script
text/javascript 2a00:1450:4001:828::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2bf958c032ce083c26ae980ed92d0360c971e87c183d6bd988e770fc172786c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/active-view-scs-read-write-acl
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57266
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="active-view-scs-read-write-acl"
etag: "1688579601580341"
vary: Accept-Encoding
report-to: {"group":"active-view-scs-read-write-acl","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/active-view-scs-read-write-acl"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 11 Jul 2023 00:13:06 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame 48FD 0
54 B 122ms
121ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~ljxjgow1&c=4543384542910&slotId=2271692271455&qqid=CMqjp7SvhYADFRkE4AodtPIFVA&fb=outstream-lima&vast_v=3.0&vmfc=12&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame 48FD 41 KB
15 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 04:59:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414812
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jul 2024 04:59:33 GMT

HEAD
H3

200

https://gcdn.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signa...
https://r2---sn-5hnednss.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,ita...
https://r2---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,ita...
https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

30ms
14ms

Fetch
video/mp4

2a00:1450:400e:17::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/267C59352FE2F4465A0B37E9253F3B787CEBD15D.65FBE80268726D0557996F8BB9AADC2FCEA2D445/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/af8bb9bb30f7a3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689034128/mv/m/mvi/2?ir=1&rr=13&file=file.mp4

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

2a00:1450:400e:17::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

client-protocol: quic
date: Tue, 11 Jul 2023 00:13:06 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
content-length: 2220696
last-modified: Fri, 07 Jul 2023 14:34:05 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: null
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: null
expires: Tue, 11 Jul 2023 00:13:06 GMT

Redirect headers

Date: Tue, 11 Jul 2023 00:13:06 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: text/html
Location: https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/267C59352FE2F4465A0B37E9253F3B787CEBD15D.65FBE80268726D0557996F8BB9AADC2FCEA2D445/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/af8bb9bb30f7a3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689034128/mv/m/mvi/2?ir=1&rr=13&file=file.mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=900
Access-Control-Allow-Credentials: true
Connection: close
Timing-Allow-Origin: null
Content-Length: 0
Expires: Tue, 11 Jul 2023 00:13:06 GMT

GET
DATA 200
OK truncated
/ Frame 48FD 210 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 83bd309965c32a247583c3fa802d5710150bd96c147b9933f7bf71b6b482f27f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D9B0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_dbm
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1

43 B
766 B

8ms
8ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNVDLE-7JHMG4OnrYC1VOKxMfo6ICX6UvMyM-pWiYqc7TEcwQRyKmBqqNIK-P3tTXbjT9iqhOWDpW12vHm-rk2ZCEQjnMdsm7t1sHK8PN0frVWNmuWAMGOZ7Ez9Lr-Itz3WxZGQKlXva3sH7z2AqZoJlPGr7oaxNk6mtio1r9go8wov7Ld8
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 00:13:05 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=496
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/ Frame D9B0
Redirect Chain

https://dsum-sec.casalemedia.com/rrum?ixi=0&cm_dsp_id=85&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dcasale_media2_dsp_secure%26google_cm%26google_hm%3D
https://cm.g.doubleclick.net/pixel?google_nid=casale_media2_dsp_secure&google_cm&google_hm=ZKyekeb2HoFaDortVPyq7QAA
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1

43 B
766 B

13ms
7ms

Image
image/gif

185.80.39.216
CASALE-MEDIA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1
Requested by: Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNVDLE-7JHMG4OnrYC1VOKxMfo6ICX6UvMyM-pWiYqc7TEcwQRyKmBqqNIK-P3tTXbjT9iqhOWDpW12vHm-rk2ZCEQjnMdsm7t1sHK8PN0frVWNmuWAMGOZ7Ez9Lr-Itz3WxZGQKlXva3sH7z2AqZoJlPGr7oaxNk6mtio1r9go8wov7Ld8
Protocol: HTTP/1.1
Server: 185.80.39.216 , Canada, ASN27381 (CASALE-MEDIA, CA),
Reverse DNS
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 00:13:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=494
Content-Length: 43
Expires: 0

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=45&external_user_id=CAESENNF6tKlpe7nnPd6ZdHNLPo&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 313
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

setuid
ib.adnxs.com/ Frame D9B0
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_cm&google_dbm
https://ib.adnxs.com/setuid?entity=101&code=CAESEOLyMwrBbmRo5emRqDF3lm0&google_cver=1

43 B
842 B

7ms
7ms

Image
image/gif

37.252.171.52
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/setuid?entity=101&code=CAESEOLyMwrBbmRo5emRqDF3lm0&google_cver=1

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/xbbe/pixel?d=CPvjgQEQ_aOOARjYnrXcATAB&v=APEucNVDLE-7JHMG4OnrYC1VOKxMfo6ICX6UvMyM-pWiYqc7TEcwQRyKmBqqNIK-P3tTXbjT9iqhOWDpW12vHm-rk2ZCEQjnMdsm7t1sHK8PN0frVWNmuWAMGOZ7Ez9Lr-Itz3WxZGQKlXva3sH7z2AqZoJlPGr7oaxNk6mtio1r9go8wov7Ld8

Protocol

Server

37.252.171.52 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
an-x-request-uuid: 50661de7-0420-4e33-92a3-81979f05d171
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 178.162.194.30; 178.162.194.30; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://ib.adnxs.com/setuid?entity=101&code=CAESEOLyMwrBbmRo5emRqDF3lm0&google_cver=1
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 290
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame D9B0
Redirect Chain

https://ib.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=${BASE64_UID_ENC}
https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D

170 B
188 B

24ms
23ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D

Requested by

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://googleads.g.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
an-x-request-uuid: d2543ab7-8cf3-41dd-adec-0b2d3e6b1002
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=appnexus&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D
x-proxy-origin: 178.162.194.30; 178.162.194.30; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 200 JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js Show response
pagead2.googlesyndication.com/bg/ Frame 5235 37 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 11:40:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45149
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14572
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 11:40:36 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame D729 0
54 B 121ms
121ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=1~ljxjgp2w&c=4648884758039&slotId=2324442379019.5&qqid=CLeFp7SvhYADFUVw4AodxPsF9w&fb=outstream-lima&sei=44729911%2C44730425%2C44730426%2C44752538%2C75259414%2C420706098&nsei=44714510%2C72811302%2C75259405%2C75259407%2C75259408%2C318491509%2C447279544&bi=outstream
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D729 15 KB
16 KB 13ms
13ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 17:04:15 GMT
x-content-type-options: nosniff
age: 198530
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jul 2024 17:04:15 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ Frame D729 15 KB
15 KB 15ms
15ms Font
font/woff2 2a00:1450:4001:80f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto:700,500,400,300

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Sat, 08 Jul 2023 03:30:27 GMT
x-content-type-options: nosniff
age: 247358
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sun, 07 Jul 2024 03:30:27 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame D729 0
20 B 48ms
48ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=osv-info&clickstring=Cj2mbkZ6sZPf4BsXggQfE95e4D_7T969czs-92OoCwI23ARABIABglYKAgLAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQXgAgCoAwHIAwKqBNwCT9AJ8xe_xK_Kw2g8TxWSMaa9UuO7aQiV0keeGm1PmZMLMBb3l6o3GRUkm_aGSTlNkBv_25erP7uEdlINs3d0r0c5EVlze9stlvxlCo4Kbgfv82OmYo1JCqFcDdAF60j_oouKN2qgb4WICQtB1zgXSFO84gmY2J-7g2KuaeYlP8Px9byzcxxKL0Gdz_WZ20WbFdHkDULQf3sW_QEcTBQBny0zWaiPnAyKcznHsXQSh1G03OP4LCv-3440oZh5Xvp0TkL4O2IZmipAVCqtOQ-AID8MxfstlQXYceJ07oXHU4LixZNIFSfRLZHZK52UiJdYKY7zHH-2ODO-0AfioBcno38K1-UZbJwWBhSXfFi7_REeewfuc5a9blGCmFfawuZHF0DaWc6dQx8XlOm5GdZfu-YZVdg15NV6EihdrO1vCNqOYX6SQhKWkRP9nL8AcPSZDrT3onUKMRCnfbOB4AQBgAaJt8D-9LTjbqAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjE0NTc2MDk4NDI4MzEzM_oLAggBgAwB0BUBgBcB&eventType=clickstring&clientTime=1689034385916&ai=Cj2mbkZ6sZPf4BsXggQfE95e4D_7T969czs-92OoCwI23ARABIABglYKAgLAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQXgAgCoAwHIAwKqBNwCT9AJ8xe_xK_Kw2g8TxWSMaa9UuO7aQiV0keeGm1PmZMLMBb3l6o3GRUkm_aGSTlNkBv_25erP7uEdlINs3d0r0c5EVlze9stlvxlCo4Kbgfv82OmYo1JCqFcDdAF60j_oouKN2qgb4WICQtB1zgXSFO84gmY2J-7g2KuaeYlP8Px9byzcxxKL0Gdz_WZ20WbFdHkDULQf3sW_QEcTBQBny0zWaiPnAyKcznHsXQSh1G03OP4LCv-3440oZh5Xvp0TkL4O2IZmipAVCqtOQ-AID8MxfstlQXYceJ07oXHU4LixZNIFSfRLZHZK52UiJdYKY7zHH-2ODO-0AfioBcno38K1-UZbJwWBhSXfFi7_REeewfuc5a9blGCmFfawuZHF0DaWc6dQx8XlOm5GdZfu-YZVdg15NV6EihdrO1vCNqOYX6SQhKWkRP9nL8AcPSZDrT3onUKMRCnfbOB4AQBgAaJt8D-9LTjbqAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjE0NTc2MDk4NDI4MzEzM_oLAggBgAwB0BUBgBcB

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame D729 0
54 B 122ms
120ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=2~ljxjgp31&c=4648884758039&slotId=2324442379019.5&qqid=CLeFp7SvhYADFUVw4AodxPsF9w&fb=outstream-lima&ulv=1&cll=0&met.4=arp_a_s.or&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 vast Show response
bid.g.doubleclick.net/dbm/ Frame D729 31 KB
17 KB 55ms
55ms XHR
text/xml 74.125.133.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/dbm/vast?dbm_c=AKAmf-DncKK14WzOovH_L9VYce6c0ITrtcovpMNHQyuJcC5njXCkFy5kPkfcDvG_5_06y7635QFxiU1nl0GEk_QlOGOUZS41lA&cry=1&dbm_d=AKAmf-DUE8nc2V-ymH8aPFrqDMR_1bGmFAfMBbxUW9FwttamnsVwbmo2g42QHUysE8zrLINPFUQQuoDmOqDv0shhYjJJhn0bNkGHDkeGsY4K-ouvHI9K1YNyGhU2C6AxjBOWngdTZ_Jx9GjCr87WPta_ri7luS4fgDrvKBHRsJZPai_156ixNObVu-NKR9nETukScEFahLshEemx_7UROkERfoTCV_xZYK1N72UtH09XeNgR_pADSHg40oYPilUaHJHQmQBK3souzzqsE2feHZ0W5dYVGQkDFam4ngcdZP3chLubD8L7P4jvPjNyWYgcMFr1Xd3GGeAjBnQI2XzJxjQlkleLZi07UmkLgYn5iARyAHG71P1y_YUsgJW0Wym26w7w-iTwHlFyrUXNEPsZqIuPtBPudhixabU23pPN2ZYexkeGV6eBWV2CW6k2CrdcHKDpgKdUZxLdLYiTXH3nJX0mwkrTKqUu8mKNW9bYjddC54B29SG23QwiMC4mFr6K0aN_7Mj0wRpcwK2YB6VXofoQh8GHbRlw_qXVmUTrTGS8NHatgNpiAG_ce1PiHro_3S5do7Mc5vYUimJp7H9BeeNJubtEYPHUyCaGCyHjBSyVt70E3LS0DowgwnpUSScSauCbK6c5Kec9ztReXcSV2oYsm7tRaTQFie2dHrWjHC0Mfq03NXhObsahNPQ_poK0UZ0px8OLbOXzihx3ay_o5j-VyagfK0UzzSQzEdsFiE6rFNZjBmV-aGNXvo1v0JcD3UjE8xmLMTmT6acj9mlInmhhoVjj9eKWFIz1vM5erixz0YisrJE-M_WMX2glTqeFuhkZLumrart4oI5sjOwky9QEcYWUDq0JFFnlfP9eb8gLJ1z8ur8t79sVxMBdc-SKj35ytisUQVW6lzKVD1z2RdPh5qNI3hU3D6eIis-c7SEylM93LhkF2JhS07lmp5D94Q_gB8QZzpOQV12nJQimGRd81GN6isX7xYty3CTpzqYv3Q9s9N1LG5jcosCmZav62GfODDccUX0ghcu5gvybxJVLrLEuQ4VKj2nNjMPLdgTrWHpAYHeNHq8cJNZ4BW53rMXcepQQ5RuyYcFMdxJhNJlCFoA5BxCnUOJWJH0Hz6wF-JKoT8WxMa0niqkq1snSuSZCXi7luRXdU2-An8wkIbfJ3VupUSAmy5bVdngK_gUABVvcHKLr281W_Wu9ndvr1wb8NxDQySlHkfrSVrbD2hW0mMJjlr6bRP6ciVupUoVRmmNqW-Og_aOomeO2w4hoGHkUH4z_LJEkGk4RQoRPldhr0Ra9xInvG30yu--e4XC7kacCP8czzHoXn9m57r3hCWlfgWJvlXpbjTRveMlB2rl_Si3VK8NEGBAMvkJoNvoC3cGY5pEGbgDaiG3oSwoHyQDfXwY0aypFCif07mbfhfNVfcxXHbQNByVcP769tTQ8_h2aV78qyapWEbWgl-j3h2iEtuWiApfVXxBRdO24IukPo2qhXQ0IWAmkoXbfRDrJynD4ezp8XXuevwg_fFsrKOSggJQ6dwJ_foF38wK1n-8kmgN7AOqzC3hf5cz1le_9a36h5npXcgRmW5PHHgl9V7fnGx45LhduEe8TUKzNetPmZF0dQ5b4OGXSezk9Jqyvtq2SLYAtykqLtPCi288XDJgu0TSoE3Qc7gN0nVzRB6Q2USZTIdta8C2cZ9WiDsyWdEq2LyweLJK2LZi9VPv4ao5xka7lreJu3H5e6ttHmqf90qGLZFcEomUtqnQcppvoCuzqV3Yw_ZxQH5ud2j2X4UwkLYgwsaOYqt-LopjXiYl_048u2MJ_UNswJWgCN0MtwPSqDVUQ8-lThhgoK64CK0sQwDe3iPnSgxqtTZgRm5h7ZafW6uV0FSBDOYdIE7NPzO-bDl3lsDKswA-_W3w8o82d2UU0Zus8LQxNib62M1mRQQLx51P7fAbcRf_L_gMJ1QRFM8bhLrz50DA2Xa0ynamCIpsk2DNsi5D7zXGBYnz0ZZJop0WvS54M1AvLzUJWvwY0r_8yRWuqL3lvdJvVXj2ec-1yibMGL4vQ9n3O3bSgUkXG3ttsi8dbWyof5dWjRc1yooMUQCb4ngljS_JldFzZIIj5S3e7W8WtSaIc14O9zufbtCPzZ1WYWiYLUGVJpQbLF3zYukMEGfN5cKKh0bMvaUOLTFJyjfQal8D7IRMe0v3aAsB6DlCtdAdTnEmt3eLRDA2XnB-VVJcmUv409p-_U9ihOfUGSyYuS_3-QLFBSij3pWBBrz-rwQyWt98wUaWezCZe_fsKuK10SC5c0OTjPFVBifaQ9z6y4XWB_B7iXCyl9HiXX05IOAm4u5UstQfLrHS8esd_lYAXsLersb-vtFaRL0Nl9no98u7-lJTZqFjE7aVCvOESMjCJsQysrdxxzghJFbhlpOF51TPSR8K-HOPRy5XnjozEBDDS0LlRnzHRNiC_HxO2KL6xeB4IrtiHe-aVj3f9oR-0ihBnJcyo9RngWbllD1VJEZWRdD7ycWhrbBU_KwhKktVqL8phycrKEsDTi15LgAd8hBtLHgCrB34KYrAGU9ggFnmio1gGfg9akY5QcQfd3YROJo9ofdE1vgfuV_s1l504B3mfgu5UKekCM70URG_g1mdnHrKAR8krPE5ZPniWJ46fhsLcepKqx1mLBIhlq5shVmqwv256wFfvcDp9Qdo8wB1nWkvVVybG0QY6w_XMj4s_Uc3Up75RJUConLd4caVwSeAdr_Ya6ZTa_EnUVK-C7imEWUQG8pJfAZ7gr4MOgf4BdQrF0FpgkYR5MdIylsBApqGL99L6x5rlln7p5b0AcsdLNX9eEVdYHU5ppAIekoPyYZ6jwfWmYPmkPGqKb6dx5379TJwTy5RdrX7_PI-0UaBgnzXhYYnrPpnoSH8lmIJLvtLY_a6N7PJ3j94O9wfIxFmhig8Eawsec6K_GqPhOj7D6Yfrr88gy5GhM1q3Uv6RMn-Jsv_EmDuMxkgGOFJ34b9T1-xNaZMCnlTRmZxMbHiKqux9_6zet5ZjvmkQRVdrOaGF-olNXLMMaQldEsnVzWHzl9KAvPejAkZSes0JxfkoGXZFSOnsY5tiFKzq65pgELGk3J-KgujjRO2PLpz53Z9_qBKtMZ3NBDrL-nHuhnFhpmT0Y862-xaLnYxeK_FCrLE0u6xZ0Q4GUjCbthHOoZMjsidA3NNPc78_B_5u1sHdTK2lDbDX3iubbfmHVjkweFtmywsXo905TOXUbH6jYY4AIQIGOVPJ2K4hUW3g2VxSVH_PrgCIjCazCnaa_h1VMF0RMXprkU9KXP_qgFEUq70e_0fZzMCG_uCgtmWHmsBfIZ8hf52KfAJ9jsOLC5Qnvc_TN8KeFBOYHBitGZ4_uQCzPeHcEpSP09jhLMDxcrVzPPL8kkG_ugOnNluWw29uC8fsclLAihIpHO9OUCAawINgB4X-1oDdPF3VNd4yNO1GUtZIZyYOZ4cnrmrkVOh0MrAVv2g5eW5MoANAoTa7VHrQTNgj_n5GcG9-wd0hYVay32GsLIQeU1rybQoWO3KIb97xV4ZlekiACEYM2CWNQyrtUT43GY1QiPcpPuJuOfQ_eamiSgctASE3f_y6lHkZTXdG3sQqPcGgcwVTZDeRM7e0Bx1xlm6vH-uXkWj_xqD3ZhZsR9EqI5WEl3V4E4YURTkhUc6VlNTHov6hx4qj10tDq3U6q_MSZKpl&cid=CAQSGwBpAlJWdwA81zBOJTWClg_BW0Q8RQuHUpwEwhgB&pr=8%3A8A74946C597D428B&sdkv=h.0.0.0&osd=2&frm=2&vis=1&sdr=1

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

74.125.133.156 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

wo-in-f156.1e100.net

Software

cafe /

Resource Hash

084fc1b9025da8d0d117d99c10146907a3c6afeffac6850017147421152223a1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17077
x-xss-protection: 0
pragma: no-cache
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B9FF 0
20 B 47ms
47ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=running&ord=2533640358737&version=m202301230201

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B9FF 0
20 B 47ms
46ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tlbr&ord=2533640358737&version=m202301230201&ct=76&x=1&cor=4809427012711553000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ad Show response
googleads.g.doubleclick.net/dbm/ Frame B9FF 95 KB
38 KB 66ms
66ms Script
text/javascript 2a00:1450:4001:831::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DeAdX1u2gai8M1qvSzB1C9gPFXl_SHjvzNkOJ5S4p9rSEaWQnLZO0dFQEb75MEpm9aN1vEiodgfecqBJddnoe2qzjltWfbluRsntaarNV1AmCMBZw&cry=1&dbm_d=AKAmf-AWcs1ZIf1R2M2m4Uqat7sHHyy_AbrXi7LoWZcD9Z53GX2bn1COe7HOOsbUwznuFYANyJ4ca73_GyCGt9K7hXWy2eNZ_NO6iPUJI1LDj0t_8rE8uqAqzyNJ9w5xBtTcjV4vUfEWdEi4cl1IelDjVF4H29KtyAC9-V28_V_Vp5RB88PMO8pTPsFcwNDkpTqZRzmBaedx7-DACtdT2qgPinNL3s5rILS4QqMtCh3fYn_w6_TWvBpW-moctk86SaFlrZ_CSRt9Z-82OHjV0YGgXI2TmgZcCl8RrrdzOPsack1aoWqlyl1CuL_QIjrQytuQmSqMzZ5nLUWzTkHmyGJCp93aD7uSg528Vm52y5rl-Op9KgT1W9xTM9jH5rxvRnSW-gVSiKBspeiLE_4I2_N9Cdy1GgC_TFeJhq67HSvDwxOuElKcMEq_o-esG_C54iMwbvwv-ra36DLQLCjBVixgkSU0v3w__1JVrNLGkcEWKe8jO27YZI8srSDuQ1Pg1ST535jHP4gEpGvej7Mj7VFoGMZwQNpRcPLTraT9f0tanJDxMvn68RRcfMvdfpXMmCwjbnkA7f7TVsA_miVcaBgISGiRR-dTb_P1SgRz3valLlkKsL7eOgA0dYlXAArRvcyajCOtBtUVzoatcmOvQydYDFHMfvQ_0JYBvyBxFvTMtkZ5nZ6ZWHX-ApWMnty7p0_GDkKv9gwj73H3fYW_TX-UEsJfZDPF6dnSJ7gZwI8biQJQJLl_Bs7skcrqEP3_VskYDqZgaRhc6JAnpkmSIi7I33VIlyUDW4ZwyqoE4vq5P7J1305SKwQwJ_atrUMPLyyeejCGq6XtUFLBC6djnSxJq6n6AK0Vzj8Jlc8LWZ7bAMPuMOnbSYxOslRcTp9ERerNqaMy9xi3g1bGUMvchpJYl72RS2mHI5_UuJW4Wci7pLKS_DwRbW-Z4_oy9uV32ay6dBRauvgwGJXjVvsdvOh6zQphc1HqQCb6f76TGgV_lE4A08qZaQo913yqf5ktCZyneTitn51bR6l6he4qkFV7gKj5LzAPQeGVCnojmn11APVHkBasUfEvr7BT5tPq-N8GdMn8YvEudqgL16YNHeM1y_fbDdzvUzWsNRaQTKxzSu8kOYCid9bKezL2zw4fqC_daksBwkezxK84aLbHyl41MMa-vGTs0EWPic3pNwg7PrTIoFxThHR0fxqr5jINxw2gmeBFb-dp2srPXqhjkrI696bwvKTy8qZt3oh9mQ1fgp7dKlggfB4tUWt--MrP_h27RFvRgOuYEZJ-3Ks5sl7FaY-mjzHN47WBVcFTVrFlvO9Q_VjzYV_AFbERNu0z1tFufyV1w5lfN0vOcnMqBO3IwaJS7Wjqohx3l1kocYHy0zG1KC9xqVhMwKy-sKhkJDLrXtLSJZd-Up8H4EHlAEz_qaQBIjNUIz8dinYECx2F08YOU8kFmwfhgcErZK3e6j__ONpVlVMRI0Gf4E3Lwqa3qBhurNkfvOOxkNbIfjh22HJJdaRZkBVwr0F8req6WMuVbzvD9wYkrVKzKMKLELr3bQsPbnmg1nr4fcmVP4Rjfnh9l98VpELgzAzD1hmG2n5lxDomSENAbaaZ1xmqLy01GjvtNr_OSd0gndq6rPH-GzHzZnSz9c9kWH_eUHJr226yIaQ9i_l57KSRuWOM6WlbFjJI9MCTg7lVeaqNiA3Bg6-pWD8yEiVXEKiKErOv190EK3tr-uxhLtQ0zByFd5iCXNvoKKx-dcgN5skzyjEggyVnYrOK0tTJ9Bi3X3kgWWlEwtgIFQyN04a6Rjpkvz2fjaKDTYkz4aqFKrObBrmekmg4wfGkKdQjKZY3VNPvcW3srqRFmEOS2eIJw07zEzrX3Vg9SHB2pGRNWKVCsjo4eYzE3Flkz5ML4OpMo3o7G6Gol59slPMC0HUYDyhcqw2pGqnV-OoSh46wI5I35kZP5Qa-c4v9ih11N_G1zkFYOJoqwmSsfEzPEFZ1pTEtXlupgRrmRSbHIv0E3iIyJ5hIKS0E5KdMFCzJCIfT1ljO5D9tWb_c8vt34D-Ayvij1_iWF2GvhtODyRhgKkUFx43ZxxlLWi647dDPQ2kQT3aN11DCdnsB8XVBi5a7_D3sDqYW78JniW768nvFawkykfL7svoH9v6WuRhrFL0FN57jy_8R0Fq3ETmHa4RyPq7Jz8vY4_vywy8P6I_Qg3bZPzV9V3AkzY7I7CFnsB68XU3NcwlrB4AswRO77gFE3_p51f5aQIdRj4qWPeuojzPxC63ASKMUEAgzBMdGwvQnGP_ZjWDxN1pzriDYIrpS-jR6PrTIkOVnA4XIhElQ5epXYNNgYxVNFBzBcoctLQY4LDXYZWIftLZ9Hk7_wbeqKjaWwwaGqSMkf4s2rs1Aztwd_8XA6OW13XK3JSGS4TqhmQqgq6fvAoAaRDd1cz9BnBoA3b6sjiMIoIkr5Um7RjdyGk85GAJ7Rqs88nfcIM6Vn0pbR6UgbeJBFyycSleBqVSKez8FIrPwO3ZDiinhKCmotBlgXyAgxdZoZYPFm0cIawEl-qLuyjenQn4m4kECkNn5mCgJqTOkUT1umxJh1UdR5tpOmx99d3UP-MqWUoZu6uanbj0vrhagLm7TPNV06oiCOcL9qs_Q5qbPajH0RvR5SaCGc2KetK2R_MBYF5DcHEB24RPjbTaVRu3Uo2bEZMipPDVpGeWQOWLwk5P5F_eTIKEEdc97SAoqxtjpwKW-13IF8b8CVWAt7ZJKiiKNl1x4JiNRmFTeV7qvKQfXDaXzktJ74IErWBjSpl3z3GFlDCH60t0eoDSmBWRBXCRS2AMRlziag8DM3pQOdOWtAMd4ORdhuNZ9dA79nokHd1GkUNZ8kgvdvXJz6_dXKP6JBfYPzlQ03E7uJG4nrTYj6CN931I3LvoNUVmHggwND_E7hk3zYvhEfccg5kgLSHgfBb9qhdCUgqoUOdnZrt_D2DF6-Qs0guyEdPY_woTTY4vHkgaPGN6wkU4xR60JyGkPBSeTPNHrgknf-5C-HvQp9revlr672naTcPXmkgiVcIs_Ok8skHfp9CHP7GT_NNcJXQlt7mAhhFqP-7Y8RUH4VvpimG2XvAli9rqWijLfX6NOqf9hvBvSDADyMYuKxDLKD-ajZDWubfccRYY2u4HIEQcY2pubggWj_SSowaZfF3K5Sugx8obhapjY793Pf00bEKXLrrwGCWr4qznXwCeBqsPNlUJ2HgMlvYv7bmISK726s_c2tRlEE-PoO0PPxhWqWAI4ZRICj2IVqD1zoOXsU_GiMmtITD6r7-Xe--OIV88IhMammbuBM9DpG6e1YF2QLuD3vtAdkD5B6QrfgsGhk2L8if0fSLAccUNxDV61udq0ZMydwS62N8BTaRXH-AD6n8Kk2rLC8y2sl-NGkzN6sCGItpPWpSroCcSa-m47vsUzlI4GxonnZZTjH6yW6sPga4beTTUJ8HgxLlKMYuJGooNIJpmNZfhdaj3DqY7aPFgqxIx5xGOwG--81FLlaV2ykUOXXiM2Y6lq6fSa2DfBRMY-2w0qLNj-jUAnbknhyeawSQxMvKewtyjtB6YZQjhNW5troFhVZs_sLxLotnnhrjt53t1ru3RQNUfbpal85jz-_e9Zsl5mYsCoPuSCdwPcrji5QbDJp7rNsSTe_eLc8BwB_RLIylMV_9ni4xPnTTvrvnXOp9011ZnHZH3eXnSu3vUxW734U2vhrg6BdIgAA_JILyQo-bZGQZUfiUeus8DArx2Y4-h2keyZLtFlbz9BdftrTVY28DiRpLhx5m165Mj_JvpdIp9F3Feit9CQARp6jKZydnv13-QMeziJ0I8jWHIsKpNEKcM7VNz2pW8mWnCbuNd3q37lX-l5Rq6TsQ65xgt4CN1U1k_eqsaXpZ-NmJ4i3Xd_Lw1D-Yzaj01xK2idbwGZVYweHJB4CSTN9YV2dfVuOgSdfaZDnRG0&cid=CAQSOwBpAlJWy4a9W95Wdgl1Wngo5B91E5Aqb2JcyOF4lOrEhjkl41ZbXNCtWFTvL3Qt2PI27xoYC2__quoDGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=4809427012711553000&adk=3844175693&idt=32&cac=0&dtd=6

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

b0b4aeb68bc1a52b72372d2fa563bab797f7c09b8ddf8f752d0daeee553707c1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39220
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 xgde.html Show response
gdetr.hit.gemius.pl/gdejs/ Frame F937 303 B
315 B 19ms
19ms Document
text/html 188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/gdejs/xgde.html
Requested by: Host: gdetr.hit.gemius.pl
URL: https://gdetr.hit.gemius.pl/gdejs/xgde.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: 7bbd910982260037f1c9d83f2c7fe743e789ca06dd54c9eb56c2598b7b928fd0

Request headers

Referer: https://ng2.virgul.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
accept-ranges: none
cache-control: public, max-age=86400
content-encoding: gzip
content-length: 215
content-type: text/html;charset=utf-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:05 GMT
etag: "5996D7A50000012F9178E011"
expires: Wed, 12 Jul 2023 00:13:05 GMT
last-modified: Fri, 18 Aug 2017 12:03:49 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
server: GHC
vary: Accept-Encoding,Origin

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame C9C8 172 KB
60 KB 45ms
14ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 10:17:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50143
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 10:17:23 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/elements/html/ Frame C9C8 11 KB
4 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-AZbyXeukZYZ8yM2l8-Qaz1pcA89-2TdLYX0OtZGPOM4WLYJ4MOGbJHuitkbYJE2jXc6EWSi0-ZW87CeAlAV32tGwxjqSk0jio_3hOE99LKURiw4Oo&cry=1&dbm_d=AKAmf-B646d1qPktW7kqGYGyLZk-1fx5RedGJyNDlqkVzJZV9WyDkW6DYFilqojmHPjJJcPTdzEO7EmiZqoifNYhxWDR-41iB4jbG0I2gAtcdV3me6HabpAjXNMehGy_GMCeqf1UbFOIom-uVOp12Cnnlbf3q_4O5E4T9bv_Sclw6w2jjDRNh0u00aV2GhBNQHSjAcZImivMlPE2NcrqmEoiW_k-Wc6vWqFVzfAZWj9Rl9ulL1_HYpCIilGDEYf0ILr963I7iQ3qmF5ir6qfz8bMuQkCeyPyuisBwCDPREJusw02YGuRKpurMxYUWBOQHxvIAVRe0L0NoLAJXUlV6qQpOJnv9fniw2BDWgDou447E71CiflzfUZR8uarMNEQSH0lJLB1uapuQJgGBcBG5VO_uXEWqtbAFlrBw8hBs0P9yBldkL1M1NoC0f_5qPX3FqlqKzltm57HaQwy-PlyXrkUDrxg0kF3NnjWafFNJo6f0D2po8iWB-5OGDz0wWHV5OoXBhmQLowewNerWgNwKb-I_C4EArijjXr3tx03w9_piUc84HvZTw3q6gBS9EJvQU83j5cQwse_FlHaNUrDoJIsJ8dg0ul50sgzn_LoO3IWDIh1L9zP9-E6mCWgCrnYnsxWcHdEtEPoXpIACDiyPtXfhq84kVBvdqZReWD-kdugvIoNy9noQV0F6ifMHPcl3yTZPxBC_sQdRu6zYWjBgr-rr14fXIszBDNt9xKBVtdzJV_gMZOZvQZ2yV5nnNCfC8GXSi2Gk5iGCSUUv5v1IyFlhiDB1l-gJTc19XeI5KLuujYKEi34ok37kRJ3FAsW2iELRT4rx6LO46ZRf9YXhceaRnEggQyWpy_9kNcR2IQ0ayCZqOAxIeUyO-9AHZVCyDAyVlTlieU5c0pwwBXNWv_sJkNaUEs3nrUJfHRBZSwoyAGfbAAqu3NxcYN7fKy-_bIsoudIiYYAoCcGBYmfASoDud8Ck5CjTu_C_7qQu3700j6Zd6TXuo_c_MH0-9Yzy1soZ2Et0yjAOgIrclfE-Ahrz8S2vvqN4Icf8wM28XZNNH_cELFFMLkZau_Dja-O_sX03jQep7Nir-rzzgs-q59lRrKGGMzDtTqFBSm8f4dUgfLx3vyK3KuZn6Q3-4ay704P4zCnzDdzAKr2epgRpy-CUI2nGHqMavX7B0RO8eFwofX_4A_FCdjOle-sLxIwHkXp9NZYswGuMRqmaIni-OBRaBy7S088UDK-GjDMmsez-rwTD80U6TzdqirIOAmMkhhvLPYIJJfX6eQnAGHoQ_coax-PbUkMNTM8sg7zf0uF0hl8JiHq3ZAB0GrirPHDOrPDzOVgAf04ApxFOZsinlbshXaJ-TgzC7pNLyc2BardPlz2kz5gqTC5mCRxrcNrra3MI1vCHtSlB8aYYAZnmd1w20mqgx0_sRcc7EIVCkHRPQwTCLc9eBGR8tM-vjd_dzJNw4I0KbIzt4zRB1HRgG9PT371oQQ-3frK055Ghxv25kwM1HZW8qxmIo-4P0xAG0xUUrfSYe9uwUbpKvfT2g_gK79gcbTIAH-rRPeO7yX-qAxM68TvjMpaFIbok7AMozADZHH3YpPy95GHcIW4uGwU8f7ttcHlHW31x01Wq1wV5wm6PvioZZhrxA1jDI4WU8dbbFmRecBKjcxAd3uZzyp9l3fUADGcMbaKmswYYkpuDLEYovUXMBhD3DdAIBv0pFI_YDviiInqFCn32aD5Du-PI_ceXuH1lvI-wyvq5ddz_0LEa05WgdH7FRDGaOInUPOkkHbS6fpyeYAs20l6UMM0Ho0yOH93inoQ6doDyV_1sqeWR9BAR5zRweE9AErsWJsY7aUEASsqZM0pW1Lw0KJrYNfYhTGA6d97GJUJ6ZhE-s79vZjc67j3viDeObqytfoA5C5Su3NMzEUpFYZ9bD9cu2zpmczERRLWw0iYIKl8Fo8evh7bza6U-_rCBoTIsz1pGPBiP10Gd9dy5TJXVqEpQlovilRoHU6mTnHruI0tBVL30SjL7aAqKDJzrv4_UHegf6y3C_WD8LG_xgxwjyZX7hUDY1GudBaC3KY1bynTDoHUMhKt86lLuN9jC524XXO8fcBZOOS5sfjqYccVl9gNdp_MdbQIxRdgUxSG0xSLs5mqZOyzMFIiWgeCudYnd70QeqzbwJnOrPyUup3NSaxzSqutE0yk5buYtuscxand0CutReIBP-4YU-9fgYm9ygYZjU-_b6YimfKfXPcxuldeSfaZBXZWAv4B34J3zuNVPTPWyVjmMX6PfH5lndhnxCrzZLiC11U_6kb2bp8Ftavh4PnqGsiKzh6Fl6npp7KuBe3qgCQqHxz2u79MPxs7ic0aJIx6733OmyxdYGYyQMVfRzsgqL-vvaj60I6OWAhu86Fg9fMrY92jlz_Ip51740C61-PhfBgbYPPgtt1PC_nnygzTMpqWzjCrimJnQPUbAykO571VQE_rKnITixYvF0r5hG0WCVpReese6BW5Ku9mC6vdyHmj3rluOlt7YalYb0Eb_ZoyeOqG-1OwFAxffUc28jJrTquN8b_hk58xgir9WCzj5nvAel3fmqtExPm4Svbkrf6HssA3ISb8H618wADwSSgqKE2dTR9hQL8uUnYkM_fCS72BBsalnndRAd0P4vjZXgV67XvcOKVjNNz-8VIQdOteZr6mUD_evtSguYXwGEde2bl_JXCk5-M6wWdTMd822vtibsc9u4omHLhWL8UySVkgv7uRR1o7xkbGHvKGsFlpOc7djtPe5dDUNzrnn_-clIFUxA2Ab2H0UuT3_av2cFIZglwM8dFz5_sV9Mm9qcHxgoW_SIOpEHsk5GqKHR6Q7aeY6aiUhuw4YXGAJmDZUXJ4JufBiq5hZ5nUeJHaLinGpw1Z4x7Iiaw89HqNIPNP1ZGdWsB99CXnT7G-MDyNt8zM39mnYHqQVcdjjJJefg6IEGra8HpzCxcMwy_JxsbeRXJqJqgHYN6VpAPkTTuC2tdLOBtJh2LGlDVQCHcyyup9CAa7GnsMVKkbzLh89_HacvDUAR6adlXWk_TVpNz4w571FANV_RX_Za9VHNjD49vLOJPDUlmies3cO4Wcm0E8u29o-jrLiZie2dp7tPHdpSnciRmzJU9BFU-F2Lod6fOMnYFxiTP3RRuUcxqEfyWy4RceDTxpM8jbbLk0gYBBGokFoh_Ix3218G8Fwpt3dzDuwk8VdzlJpllIenC_8FboyerUPGC2yAbsZIy0zlGT1S97o5H9k7ndVQ8k95Eg64V_jF5_G1pH2bZ_c0cFASe0TMzF13ZZ-9DNuBSTh3Clhc5LrmmNlrW16KaHrXAc9QgtfnImkNZMe7fsoacAG5pr-mVy_E2WWd5S9CALDujYNIfdo8GadZXdgRod1EB2TDbTjZQ6KqeXsq1-ayOjW34Jr0m091H8mMroEm88ihuf_IxoL29LDS2ejXV2J31FVs_vAmB2RijeHqQdcRrqMkWixVNfnDV69Dc3bwLVP2IGiZ2LzqZK0RGcYSVBmROp6ms_UuakUAtTV3IHXreNV0aIvUlpw3kjDZe4QLfsmcHmWUblEvZI95oSgGJL4Pl4lNaEOFdOYES-Pj8RlOTxVnDvBMSn5xGpW7NafxiIVaHS0i1HIPd__2PkG7q6q9QYR_3nE1lm_WaJ72Q3jA4V5FGIf6-gBHLasAuqWShZeNsWnv4nwIPwuYSLXEvh5vYFcvCt1P_lgCjSyvZq8O6rNuzUWIr-mmoSboXgoU6LumilPJuwMcj62lkoKv5s40Rrxtr4jidxhtsBcqOQU_AyzeK4Hh4vWy2dms3gvbpkHMFznr8o6QsL1PoBCU8aO4WbLyowxjUmXsXRx29723miQ5ZDy7Cb4jTMBTnVarbB0VRnSJsNsP7rPoopW8CQNOd8m9Fm4x7UUIAo4RPQ3A1vGHKwyG-VVc7JI086a-CTmOcncUU1H2Nq&cid=CAQSOwBpAlJWhMBX21LtwguvTbrFKkxWe7kNaXNQpy1DrTcufnuV4oxPwINGzWPG8rNLOePa75rpHFTdv625GAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=16072255406061898000&adk=3563752640&idt=84&cac=0&dtd=30

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 18:00:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22338
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 18:00:48 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/ Frame C9C8 30 KB
11 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 18:10:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21736
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 18:10:50 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame C9C8 41 KB
13 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 493417
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jul 2024 07:09:29 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 18E4 1 KB
646 B 13ms
13ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 26430
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Tue, 11 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 dpixel
cms.quantserve.com/ Frame BA23 35 B
463 B 48ms
10ms Image
image/gif 2620:116:800d:21:ef75:8280:f209:5ba1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cms.quantserve.com/dpixel?a=p-n5vvLvRdjg0ek&eid=0&qc_google_push=&google_gid=CAESEHFIaLqln2bYX_gZL9kadiM&google_cver=1&google_push=AaAOQGH5zKkJ1GPy5r73OmDHx-j9JiJSV9EMkKe9Lw5Cdz2us1rHFA0z4CrawIddfqw0_KzySwndPFaaib01UGw8h3odwp0T6XzL

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:116:800d:21:ef75:8280:f209:5ba1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=86400

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
strict-transport-security: max-age=86400
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
content-type: image/gif
cache-control: private, no-cache, no-store, proxy-revalidate
content-length: 35
expires: Fri, 04 Aug 1978 12:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BA23
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAtMU9AFtZBzfGawITXPgrQ&google_cve...
https://pm.w55c.net/ping_match.gif?scc=1&ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEAtMU9AFtZBzfGawITXPgrQ&goog...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WmpsTFVVcUwxUWoxMDY1&google_gid=CAESEAtMU9AFtZBzfGawITXPgrQ&google_cver=1&google_push=AaAOQGEw0Zwo5xUHvFPtQxoC2Wih57IA8wW342vacqZLOnm...

170 B
188 B

26ms
25ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WmpsTFVVcUwxUWoxMDY1&google_gid=CAESEAtMU9AFtZBzfGawITXPgrQ&google_cver=1&google_push=AaAOQGEw0Zwo5xUHvFPtQxoC2Wih57IA8wW342vacqZLOnmcufAGHt1rridLL4sFhOqkfofdpsWf3rNOvamsd-zRGWwyiLMjwP1N

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 00:13:05 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WmpsTFVVcUwxUWoxMDY1&google_gid=CAESEAtMU9AFtZBzfGawITXPgrQ&google_cver=1&google_push=AaAOQGEw0Zwo5xUHvFPtQxoC2Wih57IA8wW342vacqZLOnmcufAGHt1rridLL4sFhOqkfofdpsWf3rNOvamsd-zRGWwyiLMjwP1N
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BA23
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESEI9Is3NjdgivTPndI9Q5GlY&google_cver=1&google_push=AaAOQGHfWr7pgPf-8T79MPcl_eb2e_Eb3N-KXsEXhvyS2CO_OPM6Rbpx34cS9Ys5Zrtvw0nqvqnVRRx0...
https://c1.adform.net/serving/cookie/match/?CC=1&party=1&google_gid=CAESEI9Is3NjdgivTPndI9Q5GlY&google_cver=1&google_push=AaAOQGHfWr7pgPf-8T79MPcl_eb2e_Eb3N-KXsEXhvyS2CO_OPM6Rbpx34cS9Ys5Zrtvw0nqvqn...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzgxNjY0MjQxOTQ3NDc1NzM5OA&google_push=AaAOQGHfWr7pgPf-8T79MPcl_eb2e_Eb3N-KXsEXhvyS2CO_OPM6Rbpx34cS9Ys5Zrtvw0nqvqnVRR...

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzgxNjY0MjQxOTQ3NDc1NzM5OA&google_push=AaAOQGHfWr7pgPf-8T79MPcl_eb2e_Eb3N-KXsEXhvyS2CO_OPM6Rbpx34cS9Ys5Zrtvw0nqvqnVRRx0ARf4ZBlS3E48r0Nt-5SE

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzgxNjY0MjQxOTQ3NDc1NzM5OA&google_push=AaAOQGHfWr7pgPf-8T79MPcl_eb2e_Eb3N-KXsEXhvyS2CO_OPM6Rbpx34cS9Ys5Zrtvw0nqvqnVRRx0ARf4ZBlS3E48r0Nt-5SE
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H2 200 dds
rtb.openx.net/sync/ Frame BA23 43 B
245 B 55ms
17ms Image
image/gif 35.227.252.103
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://rtb.openx.net/sync/dds?google_gid=CAESENtqjl3_toQeDkV5k9iovME&google_cver=1&google_push=AaAOQGGkcoWq4KCyyrtwHuFj85silO53LgFQlXAK-3tI6fMjDK2BWvO_Sf6w4-sHJlOIqTH_cLFlgCrICLeQZFdWWOD-8HTAHl_m
Requested by: Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.227.252.103 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 103.252.227.35.bc.googleusercontent.com
Software: /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BA23
Redirect Chain

https://onetag-sys.com/match/?int_id=19&redir=1&google_gid=CAESEA_VanDTsEnDXEuZkFuQdBg&google_cver=1&google_push=AaAOQGGwpyVzkH-JVjMDcaU4zWNUtPo5LtnfqnTJ6EPSrMoCzYCQmW7d-8IdPgA-a_BsQnRjHtf0dkqHv95N...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGwpyVzkH-JVjMDcaU4zWNUtPo5LtnfqnTJ6EPSrMoCzYCQmW7d-8IdPgA-a_BsQnRjHtf0dkqHv95Ne9OgSuuXmo3My4jv

170 B
188 B

24ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGwpyVzkH-JVjMDcaU4zWNUtPo5LtnfqnTJ6EPSrMoCzYCQmW7d-8IdPgA-a_BsQnRjHtf0dkqHv95Ne9OgSuuXmo3My4jv

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGGwpyVzkH-JVjMDcaU4zWNUtPo5LtnfqnTJ6EPSrMoCzYCQmW7d-8IdPgA-a_BsQnRjHtf0dkqHv95Ne9OgSuuXmo3My4jv
strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

GET
H2

200

report
sync.teads.tv/um/ Frame BA23
Redirect Chain

https://sync.teads.tv/um?ssb_provider_id=3&uid=&google_nid=teadstv_ab&fb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dteadstv_ab%26google_hm%3D%5BVID_B64%5D&google_gid=CAESED7h95GuNTJZ...
https://cm.g.doubleclick.net/pixel?google_nid=teadstv_ab&google_hm=&google_push=AaAOQGHhUN88hig1Tct29CWXWNmYI5NcqoH1YP5P8gdYoY2OZm1F900qIu4H1MnKLxS5Y_YqR6-Hb13b8_R5hgciJXSsJtWkozAw_Q
https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab

23 B
163 B

34ms
34ms

Image
image/gif

104.102.35.84
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Server: 104.102.35.84 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-102-35-84.deploy.static.akamaitechnologies.com
Software: akka-http/10.2.10 /
Resource Hash: 328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

expires: Tue, 11 Jul 2023 00:13:06 GMT
pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
cache-control: max-age=0, no-cache, no-store
server: akka-http/10.2.10
content-length: 23
content-type: image/gif

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://sync.teads.tv/um/report?eid=3&google_nid=teadstv_ab
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 260
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame BA23
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEC_vP_Gl1...
https://x.bidswitch.net/ul_cb/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEC_...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=04abd9ed-8d5b-4f63-9067-dbbbaea3fc35&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

44ms
44ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=04abd9ed-8d5b-4f63-9067-dbbbaea3fc35&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=04abd9ed-8d5b-4f63-9067-dbbbaea3fc35&%%GOOGLE_PUSH_PAIR%%
date: Tue, 11 Jul 2023 00:13:06 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame BA23 0
12 B 25ms
23ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IdIhp1gNYyo0_Ah8jwnXVqoWWWqWx-xGJw1yQrplRNaO3J5pjagQ61mdlg__IbzBKHoAS6UX4

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame D729 216 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b121a7b8557227d37640ea014669f2027a49c4d47ffa02342368098c44dba3f8

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 2B9A 23 KB
8 KB 14ms
13ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 63098
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 06:41:28 GMT
expires: Tue, 09 Jul 2024 06:41:28 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 xgde.js Show response
gdetr.hit.gemius.pl/gdejs/ Frame F937 56 KB
20 KB 20ms
20ms Script
application/x-javascript 188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/gdejs/xgde.js
Requested by: Host: gdetr.hit.gemius.pl
URL: https://gdetr.hit.gemius.pl/gdejs/xgde.html
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: 243ff4b38ca5fe323056ea75585fb66ec3ed73293eac13e7d215376f1418eb4a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gdetr.hit.gemius.pl/gdejs/xgde.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-encoding: gzip
last-modified: Mon, 30 Jan 2023 07:57:30 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
etag: "63D7786A0000E1021FE82885"
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 20061
expires: Wed, 12 Jul 2023 00:13:06 GMT

POST
H2 204 csi
csi.gstatic.com/ Frame D729 0
54 B 121ms
120ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=3~ljxjgp36&c=4648884758039&slotId=2324442379019.5&qqid=CLeFp7SvhYADFUVw4AodxPsF9w&fb=outstream-lima&vast_v=3.0&vmfc=12&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 HdsydzJK.js Show response
tpc.googlesyndication.com/sodar/ Frame D729 41 KB
15 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Thu, 06 Jul 2023 04:59:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 414813
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15407
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 05 Jul 2024 04:59:33 GMT

HEAD
H3

200

https://gcdn.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/ip,ipbits,expire,id,itag,source,ctier,acao/signa...
https://r2---sn-5hnednss.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,ita...
https://r2---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,ita...
https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,ita...

0
0

17ms
15ms

Fetch
video/mp4

2a00:1450:400e:17::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5329750CF93E46D188B111E9D361184515D2B31E.7A800ACFD69E4A198EF969D2C4B75F39D30DB936/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/e042ee55e0ea3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689034128/mv/m/mvi/2?ir=1&rr=13&file=file.mp4

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

2a00:1450:400e:17::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

client-protocol: quic
date: Tue, 11 Jul 2023 00:13:06 GMT
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
content-length: 2220696
last-modified: Fri, 07 Jul 2023 14:34:05 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: null
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: null
expires: Tue, 11 Jul 2023 00:13:06 GMT

Redirect headers

Date: Tue, 11 Jul 2023 00:13:06 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 02 May 2007 10:26:10 GMT
Server: gvs 1.0
Vary: Origin
Content-Type: text/html
Location: https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5329750CF93E46D188B111E9D361184515D2B31E.7A800ACFD69E4A198EF969D2C4B75F39D30DB936/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/e042ee55e0ea3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689034128/mv/m/mvi/2?ir=1&rr=13&file=file.mp4
Access-Control-Allow-Origin: null
Access-Control-Expose-Headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
Cache-Control: private, max-age=900
Access-Control-Allow-Credentials: true
Connection: close
Timing-Allow-Origin: null
Content-Length: 0
Expires: Tue, 11 Jul 2023 00:13:06 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 57D5 1 KB
646 B 14ms
13ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 26430
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Tue, 11 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame C9C8 214 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5404d9851c9b7f75441d03375fe7f162fdce9fceb0cd88ec104145499ebc46d9

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 html_inpage_rendering_lib_200_278.js Show response
s0.2mdn.net/879366/ Frame B9FF 172 KB
60 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 10:17:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 50143
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61485
x-xss-protection: 0
last-modified: Tue, 14 Mar 2023 18:43:57 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 10:17:23 GMT

GET
H3 200 omrhp.js Show response
pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/elements/html/ Frame B9FF 11 KB
4 KB 16ms
15ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/elements/html/omrhp.js

Requested by

Host: googleads.g.doubleclick.net
URL: https://googleads.g.doubleclick.net/dbm/ad?dbm_c=AKAmf-DeAdX1u2gai8M1qvSzB1C9gPFXl_SHjvzNkOJ5S4p9rSEaWQnLZO0dFQEb75MEpm9aN1vEiodgfecqBJddnoe2qzjltWfbluRsntaarNV1AmCMBZw&cry=1&dbm_d=AKAmf-AWcs1ZIf1R2M2m4Uqat7sHHyy_AbrXi7LoWZcD9Z53GX2bn1COe7HOOsbUwznuFYANyJ4ca73_GyCGt9K7hXWy2eNZ_NO6iPUJI1LDj0t_8rE8uqAqzyNJ9w5xBtTcjV4vUfEWdEi4cl1IelDjVF4H29KtyAC9-V28_V_Vp5RB88PMO8pTPsFcwNDkpTqZRzmBaedx7-DACtdT2qgPinNL3s5rILS4QqMtCh3fYn_w6_TWvBpW-moctk86SaFlrZ_CSRt9Z-82OHjV0YGgXI2TmgZcCl8RrrdzOPsack1aoWqlyl1CuL_QIjrQytuQmSqMzZ5nLUWzTkHmyGJCp93aD7uSg528Vm52y5rl-Op9KgT1W9xTM9jH5rxvRnSW-gVSiKBspeiLE_4I2_N9Cdy1GgC_TFeJhq67HSvDwxOuElKcMEq_o-esG_C54iMwbvwv-ra36DLQLCjBVixgkSU0v3w__1JVrNLGkcEWKe8jO27YZI8srSDuQ1Pg1ST535jHP4gEpGvej7Mj7VFoGMZwQNpRcPLTraT9f0tanJDxMvn68RRcfMvdfpXMmCwjbnkA7f7TVsA_miVcaBgISGiRR-dTb_P1SgRz3valLlkKsL7eOgA0dYlXAArRvcyajCOtBtUVzoatcmOvQydYDFHMfvQ_0JYBvyBxFvTMtkZ5nZ6ZWHX-ApWMnty7p0_GDkKv9gwj73H3fYW_TX-UEsJfZDPF6dnSJ7gZwI8biQJQJLl_Bs7skcrqEP3_VskYDqZgaRhc6JAnpkmSIi7I33VIlyUDW4ZwyqoE4vq5P7J1305SKwQwJ_atrUMPLyyeejCGq6XtUFLBC6djnSxJq6n6AK0Vzj8Jlc8LWZ7bAMPuMOnbSYxOslRcTp9ERerNqaMy9xi3g1bGUMvchpJYl72RS2mHI5_UuJW4Wci7pLKS_DwRbW-Z4_oy9uV32ay6dBRauvgwGJXjVvsdvOh6zQphc1HqQCb6f76TGgV_lE4A08qZaQo913yqf5ktCZyneTitn51bR6l6he4qkFV7gKj5LzAPQeGVCnojmn11APVHkBasUfEvr7BT5tPq-N8GdMn8YvEudqgL16YNHeM1y_fbDdzvUzWsNRaQTKxzSu8kOYCid9bKezL2zw4fqC_daksBwkezxK84aLbHyl41MMa-vGTs0EWPic3pNwg7PrTIoFxThHR0fxqr5jINxw2gmeBFb-dp2srPXqhjkrI696bwvKTy8qZt3oh9mQ1fgp7dKlggfB4tUWt--MrP_h27RFvRgOuYEZJ-3Ks5sl7FaY-mjzHN47WBVcFTVrFlvO9Q_VjzYV_AFbERNu0z1tFufyV1w5lfN0vOcnMqBO3IwaJS7Wjqohx3l1kocYHy0zG1KC9xqVhMwKy-sKhkJDLrXtLSJZd-Up8H4EHlAEz_qaQBIjNUIz8dinYECx2F08YOU8kFmwfhgcErZK3e6j__ONpVlVMRI0Gf4E3Lwqa3qBhurNkfvOOxkNbIfjh22HJJdaRZkBVwr0F8req6WMuVbzvD9wYkrVKzKMKLELr3bQsPbnmg1nr4fcmVP4Rjfnh9l98VpELgzAzD1hmG2n5lxDomSENAbaaZ1xmqLy01GjvtNr_OSd0gndq6rPH-GzHzZnSz9c9kWH_eUHJr226yIaQ9i_l57KSRuWOM6WlbFjJI9MCTg7lVeaqNiA3Bg6-pWD8yEiVXEKiKErOv190EK3tr-uxhLtQ0zByFd5iCXNvoKKx-dcgN5skzyjEggyVnYrOK0tTJ9Bi3X3kgWWlEwtgIFQyN04a6Rjpkvz2fjaKDTYkz4aqFKrObBrmekmg4wfGkKdQjKZY3VNPvcW3srqRFmEOS2eIJw07zEzrX3Vg9SHB2pGRNWKVCsjo4eYzE3Flkz5ML4OpMo3o7G6Gol59slPMC0HUYDyhcqw2pGqnV-OoSh46wI5I35kZP5Qa-c4v9ih11N_G1zkFYOJoqwmSsfEzPEFZ1pTEtXlupgRrmRSbHIv0E3iIyJ5hIKS0E5KdMFCzJCIfT1ljO5D9tWb_c8vt34D-Ayvij1_iWF2GvhtODyRhgKkUFx43ZxxlLWi647dDPQ2kQT3aN11DCdnsB8XVBi5a7_D3sDqYW78JniW768nvFawkykfL7svoH9v6WuRhrFL0FN57jy_8R0Fq3ETmHa4RyPq7Jz8vY4_vywy8P6I_Qg3bZPzV9V3AkzY7I7CFnsB68XU3NcwlrB4AswRO77gFE3_p51f5aQIdRj4qWPeuojzPxC63ASKMUEAgzBMdGwvQnGP_ZjWDxN1pzriDYIrpS-jR6PrTIkOVnA4XIhElQ5epXYNNgYxVNFBzBcoctLQY4LDXYZWIftLZ9Hk7_wbeqKjaWwwaGqSMkf4s2rs1Aztwd_8XA6OW13XK3JSGS4TqhmQqgq6fvAoAaRDd1cz9BnBoA3b6sjiMIoIkr5Um7RjdyGk85GAJ7Rqs88nfcIM6Vn0pbR6UgbeJBFyycSleBqVSKez8FIrPwO3ZDiinhKCmotBlgXyAgxdZoZYPFm0cIawEl-qLuyjenQn4m4kECkNn5mCgJqTOkUT1umxJh1UdR5tpOmx99d3UP-MqWUoZu6uanbj0vrhagLm7TPNV06oiCOcL9qs_Q5qbPajH0RvR5SaCGc2KetK2R_MBYF5DcHEB24RPjbTaVRu3Uo2bEZMipPDVpGeWQOWLwk5P5F_eTIKEEdc97SAoqxtjpwKW-13IF8b8CVWAt7ZJKiiKNl1x4JiNRmFTeV7qvKQfXDaXzktJ74IErWBjSpl3z3GFlDCH60t0eoDSmBWRBXCRS2AMRlziag8DM3pQOdOWtAMd4ORdhuNZ9dA79nokHd1GkUNZ8kgvdvXJz6_dXKP6JBfYPzlQ03E7uJG4nrTYj6CN931I3LvoNUVmHggwND_E7hk3zYvhEfccg5kgLSHgfBb9qhdCUgqoUOdnZrt_D2DF6-Qs0guyEdPY_woTTY4vHkgaPGN6wkU4xR60JyGkPBSeTPNHrgknf-5C-HvQp9revlr672naTcPXmkgiVcIs_Ok8skHfp9CHP7GT_NNcJXQlt7mAhhFqP-7Y8RUH4VvpimG2XvAli9rqWijLfX6NOqf9hvBvSDADyMYuKxDLKD-ajZDWubfccRYY2u4HIEQcY2pubggWj_SSowaZfF3K5Sugx8obhapjY793Pf00bEKXLrrwGCWr4qznXwCeBqsPNlUJ2HgMlvYv7bmISK726s_c2tRlEE-PoO0PPxhWqWAI4ZRICj2IVqD1zoOXsU_GiMmtITD6r7-Xe--OIV88IhMammbuBM9DpG6e1YF2QLuD3vtAdkD5B6QrfgsGhk2L8if0fSLAccUNxDV61udq0ZMydwS62N8BTaRXH-AD6n8Kk2rLC8y2sl-NGkzN6sCGItpPWpSroCcSa-m47vsUzlI4GxonnZZTjH6yW6sPga4beTTUJ8HgxLlKMYuJGooNIJpmNZfhdaj3DqY7aPFgqxIx5xGOwG--81FLlaV2ykUOXXiM2Y6lq6fSa2DfBRMY-2w0qLNj-jUAnbknhyeawSQxMvKewtyjtB6YZQjhNW5troFhVZs_sLxLotnnhrjt53t1ru3RQNUfbpal85jz-_e9Zsl5mYsCoPuSCdwPcrji5QbDJp7rNsSTe_eLc8BwB_RLIylMV_9ni4xPnTTvrvnXOp9011ZnHZH3eXnSu3vUxW734U2vhrg6BdIgAA_JILyQo-bZGQZUfiUeus8DArx2Y4-h2keyZLtFlbz9BdftrTVY28DiRpLhx5m165Mj_JvpdIp9F3Feit9CQARp6jKZydnv13-QMeziJ0I8jWHIsKpNEKcM7VNz2pW8mWnCbuNd3q37lX-l5Rq6TsQ65xgt4CN1U1k_eqsaXpZ-NmJ4i3Xd_Lw1D-Yzaj01xK2idbwGZVYweHJB4CSTN9YV2dfVuOgSdfaZDnRG0&cid=CAQSOwBpAlJWy4a9W95Wdgl1Wngo5B91E5Aqb2JcyOF4lOrEhjkl41ZbXNCtWFTvL3Qt2PI27xoYC2__quoDGAE&dv3_ver=m202301230201&rfl=https%3A%2F%2Fpcloak.blob.core.windows.net&ds=l&xdt=1&iif=1&cor=4809427012711553000&adk=3844175693&idt=32&cac=0&dtd=6

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 18:00:48 GMT
content-encoding: br
x-content-type-options: nosniff
age: 22338
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4172
x-xss-protection: 0
server: cafe
etag: 16731591232229431525
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 18:00:48 GMT

GET
H3 200 abg_lite.js Show response
pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/ Frame B9FF 30 KB
11 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/abg_lite.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 18:10:50 GMT
content-encoding: br
x-content-type-options: nosniff
age: 21736
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11545
x-xss-protection: 0
server: cafe
etag: 12064860844701496540
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=1209600
timing-allow-origin: *
expires: Mon, 24 Jul 2023 18:10:50 GMT

GET
H3 200 UFYwWwmt.js Show response
tpc.googlesyndication.com/sodar/ Frame B9FF 41 KB
13 KB 15ms
15ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 07:09:29 GMT
content-encoding: br
x-content-type-options: nosniff
age: 493417
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13692
x-xss-protection: 0
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 04 Jul 2024 07:09:29 GMT

GET
H3 200 cookie_push_onload.html Show response
pagead2.googlesyndication.com/pagead/s/ Frame 4D99 1 KB
646 B 26ms
21ms Document
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/s/cookie_push_onload.html

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

age: 26430
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=86400
content-encoding: br
content-length: 618
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 16:52:36 GMT
etag: 48472445140208031
expires: Tue, 11 Jul 2023 16:52:36 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
server: cafe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 18E4
Redirect Chain

https://ads.travelaudience.com/google_pixel?google_gid=CAESEKTCT0TzSsY1TFGd2JG4tpo&google_cver=1&google_push=AaAOQGGIEE3kIh5-gaadjHg9cJMgMe8WTAmMHYQ6CnQ5ewbjtw0j8uy6Vh1635IHndsMLHiRFmGENe2jXhbghKx7...
https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=eMOT3u4aRSea0Za3UmO8Nw2&google_push=AaAOQGGIEE3kIh5-gaadjHg9cJMgMe8WTAmMHYQ6CnQ5ewbjtw0j8uy6Vh1635IHndsMLHiRFmGENe2jXhbghKx7UliqnnOkRRLi

170 B
188 B

24ms
23ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=eMOT3u4aRSea0Za3UmO8Nw2&google_push=AaAOQGGIEE3kIh5-gaadjHg9cJMgMe8WTAmMHYQ6CnQ5ewbjtw0j8uy6Vh1635IHndsMLHiRFmGENe2jXhbghKx7UliqnnOkRRLi

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 11 Jul 2023 00:13:06 GMT
via: 1.1 google
x-engine-version: 0.0.0
server: nginx/1.21.6
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR LAW CUR DEV PSA PSD IVA OUR BUS UNI COM NAV INT CNT LOC"
location: https://cm.g.doubleclick.net/pixel?google_nid=ta&google_hm=eMOT3u4aRSea0Za3UmO8Nw2&google_push=AaAOQGGIEE3kIh5-gaadjHg9cJMgMe8WTAmMHYQ6CnQ5ewbjtw0j8uy6Vh1635IHndsMLHiRFmGENe2jXhbghKx7UliqnnOkRRLi
x-host: tde-deliveryengine-production-84d9bf65c-mhtln
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 18E4
Redirect Chain

https://d5p.de17a.com/cookies/google?google_gid=CAESEDcrMTBbGBP9HnyggifbQtw&google_cver=1&google_push=AaAOQGH8-YNih_VJAi-OIIMpDK2lIJbxjGWOgYX4eOAEnsgLhllqcd1vJn4ITIgfPJ-fcfe06JdYOiilYvq0S2jtwYxpwJk...
https://d5p.de17a.com/cookies/google;c?google_gid=CAESEDcrMTBbGBP9HnyggifbQtw&google_cver=1&google_push=AaAOQGH8-YNih_VJAi-OIIMpDK2lIJbxjGWOgYX4eOAEnsgLhllqcd1vJn4ITIgfPJ-fcfe06JdYOiilYvq0S2jtwYxpw...
https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGH8-YNih_VJAi-OIIMpDK2lIJbxjGWOgYX4eOAEnsgLhllqcd1vJn4ITIgfPJ-fcfe06JdYOiilYvq0S2jtwYxpwJkTSjc

170 B
188 B

46ms
40ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGH8-YNih_VJAi-OIIMpDK2lIJbxjGWOgYX4eOAEnsgLhllqcd1vJn4ITIgfPJ-fcfe06JdYOiilYvq0S2jtwYxpwJkTSjc

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=delta_projects_ab&google_ula=668382&google_push=AaAOQGH8-YNih_VJAi-OIIMpDK2lIJbxjGWOgYX4eOAEnsgLhllqcd1vJn4ITIgfPJ-fcfe06JdYOiilYvq0S2jtwYxpwJkTSjc
content-length: 0
p3p: CP=NON CURa ADMa DEVa TAIa OUR STP IND UNI COM NAV

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 18E4
Redirect Chain

https://c1.adform.net/serving/cookie/match/?party=1&google_gid=CAESELsKwTwpVuwQlYWDGXztfEQ&google_cver=1&google_push=AaAOQGEwTZiaGU_-d5WTkydKe_wz-raZ4Sj07oO_tzmoqKN9wzDlr6sF6tHGVVRFYWVMmqbzO1uU4YG5...
https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzgxNjY0MjQxOTQ3NDc1NzM5OA&google_push=AaAOQGEwTZiaGU_-d5WTkydKe_wz-raZ4Sj07oO_tzmoqKN9wzDlr6sF6tHGVVRFYWVMmqbzO1uU4Y...

170 B
188 B

25ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzgxNjY0MjQxOTQ3NDc1NzM5OA&google_push=AaAOQGEwTZiaGU_-d5WTkydKe_wz-raZ4Sj07oO_tzmoqKN9wzDlr6sF6tHGVVRFYWVMmqbzO1uU4YG5OGWMHY2gTBNXWvbzha8K

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
access-control-max-age: 86400
access-control-allow-methods: GET
location: https://cm.g.doubleclick.net/pixel?google_nid=1024&google_ula=1641347&google_hm=MzgxNjY0MjQxOTQ3NDc1NzM5OA&google_push=AaAOQGEwTZiaGU_-d5WTkydKe_wz-raZ4Sj07oO_tzmoqKN9wzDlr6sF6tHGVVRFYWVMmqbzO1uU4YG5OGWMHY2gTBNXWvbzha8K
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-credentials: true
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
content-length: 0
expires: -1

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 18E4
Redirect Chain

https://match.360yield.com/match/ebda?google_gid=CAESEMgIrTJacYSAWywn6GgYtok&google_cver=1&google_push=AaAOQGE_6d9EMYuaNAbS5EIkyl4uch7AHrPzHzRwWzqiptSXAv_KmCsUbKkFmWR9ZxaynWtz5VRWofsbsSYAcwZt7ZeRmZ...
https://match.360yield.com/ul_cb/match/ebda?google_gid=CAESEMgIrTJacYSAWywn6GgYtok&google_cver=1&google_push=AaAOQGE_6d9EMYuaNAbS5EIkyl4uch7AHrPzHzRwWzqiptSXAv_KmCsUbKkFmWR9ZxaynWtz5VRWofsbsSYAcwZt...
https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8ZbcYD6uQN2a_muznwL-wQ&google_push=AaAOQGE_6d9EMYuaNAbS5EIkyl4uch7AHrPzHzRwWzqiptSXAv_KmCsUbKkFmWR9ZxaynWtz5VRWofsbsSYAcwZ...

170 B
188 B

79ms
78ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8ZbcYD6uQN2a_muznwL-wQ&google_push=AaAOQGE_6d9EMYuaNAbS5EIkyl4uch7AHrPzHzRwWzqiptSXAv_KmCsUbKkFmWR9ZxaynWtz5VRWofsbsSYAcwZt7ZeRmZCsJmfJ

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=improve_digital_eb&google_hm=8ZbcYD6uQN2a_muznwL-wQ&google_push=AaAOQGE_6d9EMYuaNAbS5EIkyl4uch7AHrPzHzRwWzqiptSXAv_KmCsUbKkFmWR9ZxaynWtz5VRWofsbsSYAcwZt7ZeRmZCsJmfJ
access-control-allow-origin: *
date: Tue, 11 Jul 2023 00:13:06 GMT
content-type: text/plain
content-length: 0
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 18E4
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESED...
https://sync.1rx.io/usersync2/rmpssp?sub=google&zcc=1&google_push=AaAOQGE3zc5wkam6cviZsK29iDmGayHAjdVPVgDykCfY1qcSQE5rQI3jzVJUnr845_frfNOLY3J3ZJT8ceLGO4B6X1BvbzXYRGdz&redir=https%3A%2F%2Fcm.g.doubl...
https://sync.targeting.unrulymedia.com/csync/RX-c216d8d2-2261-4913-8913-294d151b4c55-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGE3zc5wkam6cviZsK29i...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGE3zc5wkam6cviZsK29iDmGayHAjdVPVgDykCfY1qcSQE5rQI3jzVJUnr845_frfNOLY3J3ZJT8ceLGO4B6X1BvbzXYRGdz&google_hm=A8IW2NIiYUkTiRMpTRUbTFU

170 B
188 B

29ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGE3zc5wkam6cviZsK29iDmGayHAjdVPVgDykCfY1qcSQE5rQI3jzVJUnr845_frfNOLY3J3ZJT8ceLGO4B6X1BvbzXYRGdz&google_hm=A8IW2NIiYUkTiRMpTRUbTFU

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGE3zc5wkam6cviZsK29iDmGayHAjdVPVgDykCfY1qcSQE5rQI3jzVJUnr845_frfNOLY3J3ZJT8ceLGO4B6X1BvbzXYRGdz&google_hm=A8IW2NIiYUkTiRMpTRUbTFU
date: Tue, 11 Jul 2023 00:13:06 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXc216d8d2226149138913294d151b4c55003
content-type: text/html

GET
H2 200 sync
ssbsync.smartadserver.com/api/ Frame 18E4 0
45 B 192ms
20ms Image
text/plain 185.86.139.101
SMARTADSERVER

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ssbsync.smartadserver.com/api/sync?callerId=3&google_gid=CAESEHQQUWrub6Z6XWYDkjQY0xg&google_cver=1&google_push=AaAOQGHYdaHeApJk24kSBRNOYgTE4yPp9gfkTPbTcFUP7Z7-B9fYfC1cx39--GjGPZIKYfzSXGSBcEX_SjbLu9h-B5XnVBltLzIZ
Requested by: Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 185.86.139.101 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 18E4
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEGU23QZgaZUGDk5Tkrh8I_s&google_cver=1&google_push=AaAOQGEZUs7SqgZRo...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D&google_gid=CAESEGU23QZgaZUGDk5Tkrh8I_s&google_cver=1&google_push=AaAOQGEZUs7SqgZRo8zSA7W0-rJmJaI_Q1...

170 B
188 B

25ms
25ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D&google_gid=CAESEGU23QZgaZUGDk5Tkrh8I_s&google_cver=1&google_push=AaAOQGEZUs7SqgZRo8zSA7W0-rJmJaI_Q1sqwY45tXFHQ0NIz883TeyGLZHgvUrifkj5P1eZlc2s6ji6wrZI2aCSQ_sxv-RHUT7x

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
an-x-request-uuid: b4bb83f3-b26b-4cac-b63a-26d7770143dc
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D&google_gid=CAESEGU23QZgaZUGDk5Tkrh8I_s&google_cver=1&google_push=AaAOQGEZUs7SqgZRo8zSA7W0-rJmJaI_Q1sqwY45tXFHQ0NIz883TeyGLZHgvUrifkj5P1eZlc2s6ji6wrZI2aCSQ_sxv-RHUT7x
x-proxy-origin: 178.162.194.30; 178.162.194.30; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 18E4 0
12 B 23ms
21ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13ITrj_b6tHE7av8hRtqLnhw5fewvmpFtXVnN36XIjKTSk1BRzUjdFnOGpR-gzH5iNbM0fjbow

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
DATA 200
OK truncated
/ Frame B9FF 211 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 69538b2a4fcb87ea95c09dd062e947c1502b6e97b152e9828619531ff4a92306

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame 48FD 0
0 53ms
52ms Image
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CtWRgkZ6sZIqXB5mIgAe05ZegBf7T969czs-92OoCwI23ARABIABglYKAgLAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQXgAgCoAwGqBNkCT9CCEp6bG5tnVvijwNAo8XlrBb7xrNDwZxej5J_PPi4ry1qbgIzLvRZNwMedQNYiyL_NCo-RIRAVGSBAWf3Gq19ZYDgyd_7iTcf80z62S25LyS5rkub_R8I5_5VU80ORbTkA5p5qmdT1ognPvAmJu-rxc7B29QLfLFL_pngC7Np6Mk2RSPrvfe7xoXi5Azzd3athX7Npdm8cO7j5SH2Saf7L7hxRYRKrwhmSZn4v-KOphxAeMKkodY9r2-gpMr20-3sPSj1ubVZQ4hTJgknV4X0x8cp_yhsAVnEK4rX1I0mm2aQx1Uoux25JYt7hLE_8d1MpsspkduR_UV2Y9SvbpSgh5oBueeJWh9yCtT0UMxldlAqJzyN5Cy2v3yOj0KZBtmwES14alg6y-5zC89PFJ6-FGFRantbZJhk-mBAvIlxAwhzwgQN09jM2TnBwj9b1BaPFZrcgXZVT4AQBgAaJt8D-9LTjbqAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjE0NTc2MDk4NDI4MzEzM4AKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03OTgzNjUxMjU3ODM4MjgyGOrBbQ&sigh=FjYijkuO00s&uach_m=[UACH]&cid=CAQSOwBpAlJWyAguPML_Rr-dngB3tVA-_cZM2LMUUhaZPgBfGMZwpWa6MFDs8wyHtRGCckV1dtbVzxnum4hnGAE&vt=10&cbvp=2&vis=1
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 200 H0ZEmIz7.html Show response
tpc.googlesyndication.com/sodar/ Frame 6DD1 23 KB
8 KB 16ms
14ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/HdsydzJK.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 63098
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 7799
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 06:41:28 GMT
expires: Tue, 09 Jul 2024 06:41:28 GMT
last-modified: Sun, 25 Jun 2023 02:58:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 300x600.html Show response
s0.2mdn.net/sadbundle/11698040626992906240/ Frame 0D02 47 KB
12 KB 26ms
25ms Document
text/html 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=7ltSdymmxI&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0e5389d4ff8aa7414543574acab723071581bde8808b8ab852e2b3b774fd3a99

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:06 GMT
expires: Wed, 10 Jul 2024 00:13:06 GMT
last-modified: Wed, 15 Feb 2023 15:30:55 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C9C8 0
0 62ms
62ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss-b_2-QwPw4je_RuRrBV1QUUr88rDBjI6fHpOi8YLA24vrYJcu_l7HSAbIpmXaSw6jjl5AzkvOlmWzd2W2MUANp3JfCo9Vh5CfqW9EoKYZQX4RuHsGXjxesiz2wGuUx-AOufGAGsGhyG9DDVIiEZpLCYgFKp680Ai2LviVMJApzyStusoMuWp9ynyhEHpu7ddUXFu4InecBB7Cswkz_Pcgbqn9EI4dx25drtXylOV1xKJ6l5dJosqWEAeZAuaWynqxkrLO4vNCGI3fSd5tgGoiPfT3v0pJgWFmB4IWpnwUFj4jTGooWXzliEQMALcg_4VCwjx6wUs2TBVzf4sEPoquXl7Ufu3xDm9HWS3Vj4RiWg5qwznDTztT0fHVOG4JTgNh-Tn7w8hem5dzyZO8h4WX3v4luQFIANwS5TF_SPnkelAkobL_mi5VetkSARc_1-f3GFbyp-sQyumJl2SMUMsQ2VsyE6wRlOlmxLmH6Pm-Wr3vUDHdoQAcYbi78OA28OvZwt5kDdId8dss94UzYaC-UINR0zihU_-2lqiv9NRzNlAPtczrUqqjL96SRf4HdgglZcK3Io-uUxtI6XSWk7OQN-7cPnvNxQe8gg7-YCZH1w2RofwQ9PqnTBYOATJN6_YBQyof9l00V5kjThxES8czp7KmS8UHCWLdopBoCKGfGZJ9PH4PKczHm2MoW_2zy0cHiBdMxJPrSYxR00RjZ_UpvrywUKilBa-VOwibmkKIBNNnesxIZ3e30dC42vtrOkYyuwtbx-qhSmbJfOxUc-udl5CrQ09iF2hqKJnAZzs58vGlPjXjZPIhmi-SzZ4Q07dWNlJQiW5HZaTBMPSg0A5Al8T9APOBc9y7_w_DqhDprAe6M1a6GuMn6N62hvUDGdj4NHvHTic4Kn_g6i7QW9zszZziCABPpLM-ZmnRoiA7nMBYLsIqvYhGHUc8Bz61ogdfBbksC_BigIPCtp-6O2bi4Bg7AUt6bSach48jC6xmocPvn-9T45BzxmbebRglF32HbureCsNmCD8LL27EakuPMEvb_EPR6wZvJU89ZbdtpBSOR1L8o5abnWjSCFvT_CsTaTbsKRWeb_hZNDynwUK5PhtWeRH_W0MgSfYT78XDiRHYJhMrRe0z50zPG7nXTC129o6-zZ0eCuNAB_p-B1lRvXXSUfjC76DdG6b2B-pE5ne9VHdNMgGW1B2f7SC7VBD_MIOMUHiewQvM7-ZEq8jARxfYEwHa2KpA4iI80reRX-IuH-p7dPFCB588Q9PNpA99vOiXbbcnOIZWIgLKQXIqBqB8fWRJkGy52VVVGAT-i32SLjA4Y7CKaqilgWFJqZjeRvdS0Vwd9JtFke6cgyv09qxov_sEjdW0OVBatS3ex3uzmG7mWlfWKmLsRgKynaUUQR9EXM4SNbl4txSZ2uFTFRXZ7T3YX31eFyu4J1dMXzsnpb-9FYrIOKxxc6TN1lGcY3PhXHsIO4TrPZstH7fv4-BpfoN_pIoUy5a-Fo2a4gBYYvYH&sai=AMfl-YRFfgejCfhdZNfh--tXwHMxYH2BSe55VAROvUe1ra_LRKccrQRwQUVmwS3UEUVEh3297RhdYc0lV3EE8CrwVhw22soo7P4YbDr6Uk5Tw-agrI4JjlR_VBvjjs4Dkc4jyqWSTYUWwySeXUN9TAT8w0ILX0PMBi0edyEuFzQDPqg3UzD9rOs4qF2fAGICWj2Wk4r7tg_excLiN73hxLG02k3l1Ym0UZWTxx99v6ZhzRtfv5Ut0q7ShW02R1Obr0KoRhC4sPCSSiewIT7H967SO--QRPh1cA&sig=Cg0ArKJSzEBFdZ2Cjq1FEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=187&cbvp=1&cstd=178&cisv=r20230706.99869&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 11 Jul 2023 00:13:06 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 11 Jul 2023 00:13:06 GMT

POST
H2 200 count
logger.virgul.com/ Frame 2C63 0
116 B 388ms
175ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=infoLoad&g=m&r=npm_nefisyemektarifleri:13::10710800&o=400-500&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 00:13:06 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H3 200 JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js Show response
pagead2.googlesyndication.com/bg/ Frame 2B9A 37 KB
14 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 11:40:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14572
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 11:40:36 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57D5
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEMrkojG-lnEGzKid7-_3GBI&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WmpsTFVVcUwxUWoxMDY1&google_gid=CAESEMrkojG-lnEGzKid7-_3GBI&google_cver=1&google_push=AaAOQGHml8H5_5uH2fRleXbGDcJLQ8LzBNJg-nndUEmtC3y...

170 B
188 B

25ms
25ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WmpsTFVVcUwxUWoxMDY1&google_gid=CAESEMrkojG-lnEGzKid7-_3GBI&google_cver=1&google_push=AaAOQGHml8H5_5uH2fRleXbGDcJLQ8LzBNJg-nndUEmtC3yV4st1SwRQdTk8VisdluaGx91YTWOULBrge-sI0hmw5jZCrBHESfYo

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 00:13:05 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-0afa2568184f9f5d2@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WmpsTFVVcUwxUWoxMDY1&google_gid=CAESEMrkojG-lnEGzKid7-_3GBI&google_cver=1&google_push=AaAOQGHml8H5_5uH2fRleXbGDcJLQ8LzBNJg-nndUEmtC3yV4st1SwRQdTk8VisdluaGx91YTWOULBrge-sI0hmw5jZCrBHESfYo
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57D5
Redirect Chain

https://gcm.ctnsnet.com/int/cm?exc=1&acc=crimtan&google_gid=CAESEHgvgwspMi9cJ9kkXvn8WA4&google_cver=1&google_push=AaAOQGGXx4A-3Ik-spXeleBaO2QtPmWAlMUN7icIKYXLJaFf4hAIHCr1fI00QjiJxpPEtSbmXYbZBBteHEc...
https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGGXx4A-3Ik-spXeleBaO2QtPmWAlMUN7icIKYXLJaFf4hAIHCr1fI00QjiJxpPEtSbmXYbZBBteHEcZhgaiTryNBYNl7Ahd&google_hm=spRmZJbHTr6R_eIhlQfJZB4

170 B
188 B

30ms
29ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGGXx4A-3Ik-spXeleBaO2QtPmWAlMUN7icIKYXLJaFf4hAIHCr1fI00QjiJxpPEtSbmXYbZBBteHEcZhgaiTryNBYNl7Ahd&google_hm=spRmZJbHTr6R_eIhlQfJZB4

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:05 GMT
via: 1.1 google
server: Apache-Coyote/1.1
p3p: CP="NOI DSP COR NID CUR OUR NOR"
status: 302
location: https://cm.g.doubleclick.net/pixel?google_nid=crimtan&google_push=AaAOQGGXx4A-3Ik-spXeleBaO2QtPmWAlMUN7icIKYXLJaFf4hAIHCr1fI00QjiJxpPEtSbmXYbZBBteHEcZhgaiTryNBYNl7Ahd&google_hm=spRmZJbHTr6R_eIhlQfJZB4
content-type: text/html;charset=UTF-8
cache-control: no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57D5
Redirect Chain

https://pixel.rubiconproject.com/exchange/sync.php?p=dfp&google_gid=CAESEG2EP8hPtQMxBsqynsyBJr8&google_cver=1&google_push=AaAOQGEZbxaUHpWZYLjeZIYGSpJIlOU0Qivfq-sXEbAVjBdwB5V_X026gS7atYJG3iaUGt30rop...
https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpYSkdQRjEtMTMtNk5PQg==&google_push=AaAOQGEZbxaUHpWZYLjeZIYGSpJIlOU0Qivfq-sXEbAVjBdwB5V_X026gS7atYJG3iaUGt30rop-KQhOptx9CtVLPW71BsaBFHRU

170 B
188 B

34ms
34ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpYSkdQRjEtMTMtNk5PQg==&google_push=AaAOQGEZbxaUHpWZYLjeZIYGSpJIlOU0Qivfq-sXEbAVjBdwB5V_X026gS7atYJG3iaUGt30rop-KQhOptx9CtVLPW71BsaBFHRU

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/html
Location: https://cm.g.doubleclick.net/pixel?google_nid=rp&google_hm=TEpYSkdQRjEtMTMtNk5PQg==&google_push=AaAOQGEZbxaUHpWZYLjeZIYGSpJIlOU0Qivfq-sXEbAVjBdwB5V_X026gS7atYJG3iaUGt30rop-KQhOptx9CtVLPW71BsaBFHRU
Cache-Control: no-cache,no-store,must-revalidate
content-length: 0
X-RPHost: 5b959e9b7aef6dd90a6fa539ca64ac62
Expires: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57D5
Redirect Chain

https://ssum-sec.casalemedia.com/usermatchredir?s=184023&cb=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dindex%26google_hm%3D&google_gid=CAESEA-yofxukj8SE4lPY5e3Qbs&google_cver=1&googl...
https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEA-yofxukj8SE4lPY5e3Qbs&google_hm=ZKyekeb2HoFaDortVPyq7QAADMAAAAAB&google_nid=index&google_push=AaAOQGGyrBJYmsTTq3yymZkf485Gatab8xAAe...

170 B
188 B

31ms
28ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEA-yofxukj8SE4lPY5e3Qbs&google_hm=ZKyekeb2HoFaDortVPyq7QAADMAAAAAB&google_nid=index&google_push=AaAOQGGyrBJYmsTTq3yymZkf485Gatab8xAAeEVq1dlGrtmECGjuErew-4a2tYRLhv5mzCZc_a_HvVOusr2Kb8EM2U8aqufdQ3E

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 00:13:06 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: https://cm.g.doubleclick.net/pixel?google_cver=1&google_gid=CAESEA-yofxukj8SE4lPY5e3Qbs&google_hm=ZKyekeb2HoFaDortVPyq7QAADMAAAAAB&google_nid=index&google_push=AaAOQGGyrBJYmsTTq3yymZkf485Gatab8xAAeEVq1dlGrtmECGjuErew-4a2tYRLhv5mzCZc_a_HvVOusr2Kb8EM2U8aqufdQ3E
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=1, max=500
Content-Length: 0
Expires: 0

GET
H2

200

/
onetag-sys.com/match/ Frame 57D5
Redirect Chain

https://onetag-sys.com/match/?int_id=106&redir=1&google_gid=CAESEKOe5D6EzrWh6HjTsZdsH3A&google_cver=1&google_push=AaAOQGEpJ32YS0TbgkCvJBToDN1QeO67XRDauosJP3bp6NZOyX5RxetryJPTcoKY1cYAZeCxmtmyHsRkcY1...
https://cm.g.doubleclick.net/pixel?google_nid=one_tag&google_hm=&google_push=AaAOQGEpJ32YS0TbgkCvJBToDN1QeO67XRDauosJP3bp6NZOyX5RxetryJPTcoKY1cYAZeCxmtmyHsRkcY1a_tAJ_eli18Sj03zaqw
https://onetag-sys.com/match/?int_id=19&google_error=5

0
151 B

20ms
14ms

Image
text/plain

51.89.9.251
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://onetag-sys.com/match/?int_id=19&google_error=5

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

51.89.9.251 London, United Kingdom, ASN16276 (OVH, FR),

Reverse DNS

ip251.ip-51-89-9.eu

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security: max-age=15552000
cache-control: no-transform, no-cache
content-length: 0
p3p: CP='CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://onetag-sys.com/match/?int_id=19&google_error=5
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 255
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57D5
Redirect Chain

https://secure.adnxs.com/getuid?https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=${BASE64_UID_ENC}&google_gid=CAESEF-FXzjsoOzTVY-lIf-ux14&google_cver=1&google_push=AaAOQGGHR-kNSA0Kg...
https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D&google_gid=CAESEF-FXzjsoOzTVY-lIf-ux14&google_cver=1&google_push=AaAOQGGHR-kNSA0KgQkEUbbCVaZdk3Nggb...

170 B
188 B

25ms
24ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D&google_gid=CAESEF-FXzjsoOzTVY-lIf-ux14&google_cver=1&google_push=AaAOQGGHR-kNSA0KgQkEUbbCVaZdk3NggbTXryRUFfCj5MUHOG3vnylIQ2Wcf2PZhE5OGeOIRzXbCEcrpoHwm08Ulg68o4IHkmMt1g

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
an-x-request-uuid: 8dc08d92-568c-4e27-827e-e3e02ba2ba26
server: nginx/1.21.3
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://cm.g.doubleclick.net/pixel?google_nid=xandr_eb&google_hm=NTI3NTkyNDExMjYzMTczNTk2NQ%3D%3D&google_gid=CAESEF-FXzjsoOzTVY-lIf-ux14&google_cver=1&google_push=AaAOQGGHR-kNSA0KgQkEUbbCVaZdk3NggbTXryRUFfCj5MUHOG3vnylIQ2Wcf2PZhE5OGeOIRzXbCEcrpoHwm08Ulg68o4IHkmMt1g
x-proxy-origin: 178.162.194.30; 178.162.194.30; 1005.bm-nginx-loadbalancer.mgmt.fra1.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 57D5
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEN1GzKayt...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=04abd9ed-8d5b-4f63-9067-dbbbaea3fc35&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

26ms
25ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=04abd9ed-8d5b-4f63-9067-dbbbaea3fc35&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=04abd9ed-8d5b-4f63-9067-dbbbaea3fc35&%%GOOGLE_PUSH_PAIR%%
date: Tue, 11 Jul 2023 00:13:06 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 57D5 0
12 B 23ms
21ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13IzeEHhHwaRYLzMLSWbnhk8utQpSunfhlwlM05Eqx4E6nilDERMJAFhLd-lMLUYLhtDRgAu4QCJ

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 8D9C 22 KB
8 KB 17ms
16ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 493353
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:10:33 GMT
expires: Thu, 04 Jul 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame 0D02 118 KB
40 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=7ltSdymmxI&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=7ltSdymmxI&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 10:36:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49006
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 10:36:20 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame 0D02 63 KB
25 KB 26ms
25ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=7ltSdymmxI&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=7ltSdymmxI&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 00:13:06 GMT

GET
H3 200 160x600.html Show response
s0.2mdn.net/sadbundle/5793540040533475328/ Frame C32E 47 KB
12 KB 24ms
24ms Document
text/html 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=mz3cJ8ll8m&t=1&renderingType=2&ev=01_250

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/html_inpage_rendering_lib_200_278.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

38cd707764af5e7610feaee1542d30cfd86a74d0eee75df12aaf6b1d0ded65e5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-type: text/html
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:06 GMT
expires: Wed, 10 Jul 2024 00:13:06 GMT
last-modified: Wed, 15 Feb 2023 15:29:42 GMT
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-xss-protection: 0

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B9FF 0
0 67ms
67ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss1G1PZULsoc7QUCx2DnnjuR9p6ffB8hllFHcbv5eyOWqR0po0UsSZgYteZ-ScyNm96idMbMh83U1vp5DZqrt6wApkvRHA5Zb8LqRoi3tP8ASFcswiqcteCCC8NzMU_HXkDkyw5rFdBnxh-frunI_KblZt-K-PgLE2OtIiFfKW_FyJ9UmR2S1ZFi4WE_zEhqoe0X65sauxFbugZ7pCJMNhVQW37TzBfAkZSkvw_BtN-j44O87wwRMoP98-sCSESri5EHYv0JN558hJ-kOHQa2B4dfdCM6IADWakjsHUNBKrJkJuOVZvgMYKIFEXzxLp-6vOQCep_ycz75e51bS4jPSqP8Zgw9Ks_WeY_jAz4RW9pndfFJMrwzyGOPkNDXfkNTROF7bk0d8TiHlf-M99VhyPs8ylv5d0ywGGvCoDVNTueEjAtzJXSTjbO1sAboP4w04rrFiS1G8mkmCtpvdrCg-AxVo7PMg1NW5xPsU6iUkL56lEkmi5prUiM130_w34oFxB82ann1u5cha8V0dl8oAdd_iT70lQJ-pKrK8PJF9JbSQpcYbnZSPrF9fC96xuMJwsroAPapM_l5oRf2p8_b4F5W1yYn9GJGkUBD4LjxribygNvtlXpgklFiuLSVVzAFLnelrOjrw5lip2tk-XR4yNhZqGWhgkjY-jdE7xr0RvFlFh4cBzTYnuKtXFpgtJX4LBumRV7Q9R7btBkWfqtY8jS6_eV0_5LFRrwBGA55sPl4ZhgK6b7s0VWZ2t0s1wZHniiwLb-UD8Cw71_PzPAtWAJtGTNMEdxEI-SYNr_cgzrZweej4rdsNSrUREn5tnM5MGIzFd3IUE9pPHl1DR4Whdx_Gnh3YWDdkTNoCRItabhZ3AbbM_TBAJvWfXDA4CAsW8I1eqCg8ejztKbAjhKRGVSxUiRO7f1cVKge_zvpoTg-3nhBfKegHpLoJHQbbxBw6YkxRWm3Ra7ueV_zXtCUhaGLYrGJwroUoR6hPsryJvGMJnafXffrGCTFCPqkK4FnKpaVkjB7jPK9hxU7D5dF1Nx1DbTyDN3hLWZAfhA4dge_pgnxtfEjNpp-mKwIz7gumRqCrJDOeUlDrPFfTMXiuF_XdLFT20q_HtGn19XFnrocV_kyV4TYaK_B_NUxWOn6cLA-a1MSTIbRS2yo8jnTg7ZTuccbzukPfeccxcXN9OKsfgRhAp_T0-8qzfN2faEP8Jfez0S0i0yiUz7aZAG8BKfuzWBTUKhiCFGaFy_DsmiPRE5d8Kn6Yw45pCeF2IBrHuSVbEbHXgJoNRyMOCOKA4Nd_RBe56egDMM5F8JHccHfqdKu8hCbl0GDcYC9XsrwBzo3zy1h3nnIXvQ8LfNvjVhR2Y8d_3VQgvKQkhpVqvTgjWgZI7Xlk1EjxX0eJasCx4tBXJMCCxKPkFGpGsIrAXzJfTU9ntfvsr0RusciHoSxm1lWrkEn-7jY55g6T2ON_qkZ_GAItcwELxS7-BGihy9Fz0TMjYuQtGpgqvtqYx6AgF41YUZA&sai=AMfl-YQa7EerFQdcMl6qvuuGW1l5x3uDIbdEcVDmKnL1r3AdRFqPrRUkMniovmtGM3KYD2K2RAdK4nMJdgETGgIsifcQu3HmY7p8IRUny3-ZSG597_3bKaIMrQGFmACuQRuvuAG541E4xU7prYZDszMVslq1JE2r9zl8ZbFUVgGWa-G3nHShG75YwQlqwaPjWJvOWsCFfjSIWYlYoQeiuIE77wz0WbrzE7khFgLUq26xeEXXKqdm1BCioypnTPOc5iN90U8PcfgogQko1WKsa-CQW_ZKT7Y_GQ&sig=Cg0ArKJSzBqLsZcJiYyyEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=152&cbvp=1&cstd=145&cisv=r20230706.61336&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-security-policy: script-src 'none'; object-src 'none'
date: Tue, 11 Jul 2023 00:13:06 GMT
x-content-type-options: nosniff
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
cache-control: private
access-control-allow-credentials: true
timing-allow-origin: *
expires: Tue, 11 Jul 2023 00:13:06 GMT

GET
H2 200 gemius.js Show response
gdetr.hit.gemius.pl/ Frame F937 63 KB
18 KB 20ms
19ms Script
application/x-javascript 188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/gemius.js
Requested by: Host: gdetr.hit.gemius.pl
URL: https://gdetr.hit.gemius.pl/gdejs/xgde.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: ab49b06f01ba01695f3b425793784b260bc2dea123e763d6201f234f2315c9ad

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://gdetr.hit.gemius.pl/gdejs/xgde.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-encoding: gzip
last-modified: Fri, 12 May 2023 12:38:55 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
vary: Accept-Encoding,Origin
p3p: CP="NOI DSP COR NID PSAo OUR IND"
content-type: application/x-javascript
cache-control: max-age=43200
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 17898
expires: Tue, 11 Jul 2023 12:13:06 GMT

GET
H3 206 2
r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 403D 2 MB
2 MB 14ms
14ms Media
video/mp4 2a00:1450:400e:17::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:17::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

9b279f62d8ab632481b6d6fda4c49c8b9ee7fd77988c13e4b8baa7007d37b10c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Range: bytes=0-

Response headers

expires: Tue, 11 Jul 2023 00:13:06 GMT
date: Tue, 11 Jul 2023 00:13:06 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-2220695/2220696
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 2220696
last-modified: Fri, 07 Jul 2023 14:34:05 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
client-protocol: quic

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4D99
Redirect Chain

https://pm.w55c.net/ping_match.gif?ei=GOOGLE&rurl=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3D9675309%26google_hm%3D_wfivefivec64esc_&google_gid=CAESEO0ZFpf-_hpsXZzkVZGlRJ8&google_cve...
https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WmpsTFVVcUwxUWoxMDY1&google_gid=CAESEO0ZFpf-_hpsXZzkVZGlRJ8&google_cver=1&google_push=AaAOQGFmHvIOBhCXRjy4vHnkdXqV9z_6QLyC9FV-SromdFJ...

170 B
188 B

48ms
44ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WmpsTFVVcUwxUWoxMDY1&google_gid=CAESEO0ZFpf-_hpsXZzkVZGlRJ8&google_cver=1&google_push=AaAOQGFmHvIOBhCXRjy4vHnkdXqV9z_6QLyC9FV-SromdFJ6x0hrzD8Ei8CgZ9yGh4uSKQBFtqNqsRBcItaR0x510n1oFizl0IqV

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Tue, 11 Jul 2023 00:13:05 GMT
Strict-Transport-Security: max-age=2592000; includeSubDomains
Server: PingMatch/v2.0.30-782-g97d928b#rel-ec2-master i-036c9e308bb7e39b5@eu-central-1b@dxedge-app-eu-central-1-prod-asg
Location: https://cm.g.doubleclick.net/pixel?google_nid=9675309&google_hm=WmpsTFVVcUwxUWoxMDY1&google_gid=CAESEO0ZFpf-_hpsXZzkVZGlRJ8&google_cver=1&google_push=AaAOQGFmHvIOBhCXRjy4vHnkdXqV9z_6QLyC9FV-SromdFJ6x0hrzD8Ei8CgZ9yGh4uSKQBFtqNqsRBcItaR0x510n1oFizl0IqV
Cache-Control: no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 AdxPixel
tr.blismedia.com/v1/api/sync/ Frame 4D99 0
173 B 71ms
22ms Image
text/plain 34.96.105.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.blismedia.com/v1/api/sync/AdxPixel?google_gid=CAESEN3os9xLOJ03wOO95x_1RA4&google_cver=1&google_push=AaAOQGFjUoIYmwUj5VDyTOw64Y-iSF2P2pN06uoiNiiZPU99u396ZEHoVTh0TOxAJdETVJJBR3o9SGTckrZKIJGanSThGtckv-uH
Requested by: Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.105.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.105.96.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4D99
Redirect Chain

https://dsp.adfarm1.adition.com/cookie/?ssp=2&google_gid=CAESECgEnQ_KKdb0uYbqjX1NqiU&google_cver=1&google_push=AaAOQGEKWVy2Isty2T1sCm-pQJ9tcjfL_kLGDf0djIKC0EaMrdno0zEjhqe3flORi6U3PY4nu80SxmrNgtGbsB...
https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1NDM0NzQ0OTY5Njk3NDk5Mg%3D%3D&google_push=AaAOQGEKWVy2Isty2T1sCm-pQJ9tcjfL_kLGDf0djIKC0EaMrdno0zEjhqe3flORi6U3PY4nu80SxmrNgtGbsBA9yz...

170 B
188 B

25ms
25ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1NDM0NzQ0OTY5Njk3NDk5Mg%3D%3D&google_push=AaAOQGEKWVy2Isty2T1sCm-pQJ9tcjfL_kLGDf0djIKC0EaMrdno0zEjhqe3flORi6U3PY4nu80SxmrNgtGbsBA9yzCi1mAv88_9

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

Location: https://cm.g.doubleclick.net/pixel?google_nid=agent&google_hm=NzI1NDM0NzQ0OTY5Njk3NDk5Mg%3D%3D&google_push=AaAOQGEKWVy2Isty2T1sCm-pQJ9tcjfL_kLGDf0djIKC0EaMrdno0zEjhqe3flORi6U3PY4nu80SxmrNgtGbsBA9yzCi1mAv88_9
Date: Tue, 11 Jul 2023 00:13:06 GMT
Server: nginx
Connection: keep-alive
Transfer-Encoding: chunked
p3p: policyref="http://imagesrv.adition.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD IVDo OTPi OUR IND STP PHY PRE NAV UNI"

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4D99
Redirect Chain

https://pr-bh.ybp.yahoo.com/sync/adx?google_gid=CAESEJKj_4hsiZtaDJTbcC5J_VI&google_cver=1&google_push=AaAOQGH-v7OVuUXWBLbL9zX_qDsTbN6f-BPADvIva2he2ogwNyNMQLCnkzFpcEBSEAOJPKWBT1nCG3KEEU0Zq3VbeZZV-tW...
https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGH-v7OVuUXWBLbL9zX_qDsTbN6f-BPADvIva2he2ogwNyNMQLCnkzFpcEBSEAOJPKWBT1nCG3KEEU0Zq3VbeZZV-tW9Op2l&google_hm=eS1Wb1c0SHdKRTJwRjVoRU...

170 B
188 B

31ms
27ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGH-v7OVuUXWBLbL9zX_qDsTbN6f-BPADvIva2he2ogwNyNMQLCnkzFpcEBSEAOJPKWBT1nCG3KEEU0Zq3VbeZZV-tW9Op2l&google_hm=eS1Wb1c0SHdKRTJwRjVoRUdlWXZqZ2VCV0llUE9PN1F4Vn5B

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

date: Tue, 11 Jul 2023 00:13:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
location: https://cm.g.doubleclick.net/pixel?google_nid=yahoo&google_push=AaAOQGH-v7OVuUXWBLbL9zX_qDsTbN6f-BPADvIva2he2ogwNyNMQLCnkzFpcEBSEAOJPKWBT1nCG3KEEU0Zq3VbeZZV-tW9Op2l&google_hm=eS1Wb1c0SHdKRTJwRjVoRUdlWXZqZ2VCV0llUE9PN1F4Vn5B
content-length: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4D99
Redirect Chain

https://sync.1rx.io/usersync2/rmpssp?sub=google&redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3D%5BRX_SPD%5D%26google_hm%3D%5BRX_UUID_B64_BIN%5D&google_gid=CAESEE...
https://sync.targeting.unrulymedia.com/csync/RX-c216d8d2-2261-4913-8913-294d151b4c55-003?redir=https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dr1%26google_push%3DAaAOQGF5mZsHQbB6PXkeQH3jL...
https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGF5mZsHQbB6PXkeQH3jLLlbXS7fUxYPB21eAln-DLzTQ43MLeJXqTQeSc-FJY0C9lZ9RSzUHZKmDhJCthRUAS3chdnWIuT5&google_hm=A8IW2NIiYUkTiRMpTRUbTFU

170 B
188 B

38ms
38ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGF5mZsHQbB6PXkeQH3jLLlbXS7fUxYPB21eAln-DLzTQ43MLeJXqTQeSc-FJY0C9lZ9RSzUHZKmDhJCthRUAS3chdnWIuT5&google_hm=A8IW2NIiYUkTiRMpTRUbTFU

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=r1&google_push=AaAOQGF5mZsHQbB6PXkeQH3jLLlbXS7fUxYPB21eAln-DLzTQ43MLeJXqTQeSc-FJY0C9lZ9RSzUHZKmDhJCthRUAS3chdnWIuT5&google_hm=A8IW2NIiYUkTiRMpTRUbTFU
date: Tue, 11 Jul 2023 00:13:06 GMT
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"
etag: RXc216d8d2226149138913294d151b4c55003
content-type: text/html

GET
H/1.1

200

0.gif
id5-sync.com/i/495/ Frame 4D99
Redirect Chain

https://sync.inmobi.com/gob?google_gid=CAESEIJamB1eFOgKX1viWuvislg&google_cver=1&google_push=AaAOQGGCK1RXNdUlp8eoShchERiKdIt8NUwxUJf8BUcOm4c4Arr6lMsWpkxP5qDK2DBT8_mVm5cMp55ugDT1f2G85JZ5vK6iVAm-
https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGGCK1RXNdUlp8eoShchERiKdIt8NUwxUJf8BUcOm4c4...

43 B
1 KB

67ms
18ms

Image
image/gif

162.19.138.82
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGGCK1RXNdUlp8eoShchERiKdIt8NUwxUJf8BUcOm4c4Arr6lMsWpkxP5qDK2DBT8_mVm5cMp55ugDT1f2G85JZ5vK6iVAm-

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

HTTP/1.1

Server

162.19.138.82 Frankfurt am Main, Germany, ASN16276 (OVH, FR),

Reverse DNS

ns31532337.ip-162-19-138.eu

Software

Resource Hash

a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

content-type: image/gif;charset=UTF-8
date: Tue, 11 Jul 2023 00:13:06 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
transfer-encoding: chunked
p3p: CP="CAO PSA OUR"

Redirect headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-security-policy: default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
x-permitted-cross-domain-policies: none
referrer-policy: no-referrer
expect-ct: max-age=0
x-dns-prefetch-control: off
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
location: https://id5-sync.com/i/495/0.gif?gdpr_consent=&gdpr=&callback=https%3A%2F%2Fsync.inmobi.com%2FgobRedirectFromId5%3Fid%3D%7BID5UID%7D%26google_push%3DAaAOQGGCK1RXNdUlp8eoShchERiKdIt8NUwxUJf8BUcOm4c4Arr6lMsWpkxP5qDK2DBT8_mVm5cMp55ugDT1f2G85JZ5vK6iVAm-
x-download-options: noopen
vary: Accept
content-length: 271
x-xss-protection: 0

GET
H3

200

pixel
cm.g.doubleclick.net/ Frame 4D99
Redirect Chain

https://x.bidswitch.net/check_uuid/https%3A%2F%2Fcm.g.doubleclick.net%2Fpixel%3Fgoogle_nid%3Dthe_mediagrid_eb%26google_hm%3D%24%7BBSW_UUID%7D%26%25%25GOOGLE_PUSH_PAIR%25%25?google_gid=CAESEOClJLjZN...
https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=04abd9ed-8d5b-4f63-9067-dbbbaea3fc35&%%GOOGLE_PUSH_PAIR%%

170 B
188 B

46ms
40ms

Image
image/png

142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=04abd9ed-8d5b-4f63-9067-dbbbaea3fc35&%%GOOGLE_PUSH_PAIR%%

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
content-type: image/png
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

location: https://cm.g.doubleclick.net/pixel?google_nid=the_mediagrid_eb&google_hm=04abd9ed-8d5b-4f63-9067-dbbbaea3fc35&%%GOOGLE_PUSH_PAIR%%
date: Tue, 11 Jul 2023 00:13:06 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0

GET
H3 204 attr
cm.g.doubleclick.net/pixel/ Frame 4D99 0
12 B 29ms
27ms Image
text/html 142.250.186.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel/attr?d=AHNF13LuuoiGRf31tRDR76-zh_YaRkYU9sNBp6io7Ep0qY41mFqIf22KndNZvddWRRdMvihQL-6HnCY

Requested by

Host: a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
URL: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/safeframe/1-0-40/html/container.html?n=1

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s06-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://pagead2.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
server: HTTP server (unknown)
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 Enqz_20U.html Show response
tpc.googlesyndication.com/sodar/ Frame 4C45 22 KB
8 KB 18ms
17ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/UFYwWwmt.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 493353
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 8395
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Wed, 05 Jul 2023 07:10:33 GMT
expires: Thu, 04 Jul 2024 07:10:33 GMT
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
timing-allow-origin: *
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 Enabler_01_247.js Show response
s0.2mdn.net/879366/ Frame C32E 118 KB
40 KB 19ms
18ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/879366/Enabler_01_247.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=mz3cJ8ll8m&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=mz3cJ8ll8m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 10:36:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 49006
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 41099
x-xss-protection: 0
last-modified: Mon, 27 Sep 2021 18:45:07 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 10:36:20 GMT

GET
H3 200 gsap_3.9.1_min.js Show response
s0.2mdn.net/ads/studio/cached_libs/ Frame C32E 63 KB
25 KB 33ms
32ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/ads/studio/cached_libs/gsap_3.9.1_min.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=mz3cJ8ll8m&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=mz3cJ8ll8m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 25329
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 19:08:26 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 00:13:06 GMT

GET
H3 200 adview
securepubads.g.doubleclick.net/pagead/ Frame D729 0
0 56ms
56ms Image
text/html 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://securepubads.g.doubleclick.net/pagead/adview?ai=CLVC-kZ6sZPf4BsXggQfE95e4D_7T969czs-92OoCwI23ARABIABglYKAgLAHggEXY2EtcHViLTc5ODM2NTEyNTc4MzgyODLIAQXgAgCoAwGqBNkCT9AJ8xe_xK_Kw2g8TxWSMaa9UuO7aQiV0keeGm1PmZMLMBb3l6o3GRUkm_aGSTlNkBv_25erP7uEdlINs3d0r0c5EVlze9stlvxlCo4Kbgfv82OmYo1JCqFcDdAF60j_oouKN2qgb4WICQtB1zgXSFO84gmY2J-7g2KuaeYlP8Px9byzcxxKL0Gdz_WZ20WbFdHkDULQf3sW_QEcTBQBny0zWaiPnAyKcznHsXQSh1G03OP4LCv-3440oZh5Xvp0TkL4O2IZmipAVCqtOQ-AID8MxfstlQXYceJ07oXHU4LixZNIFSfRLZHZK52UiJdYKY7zHH-2ODO-0AfioBcno38K1-UZbJwWBhSXfFi7_REeewfuc5a9blGCmFfawuZHF0DaWc6dQx8XlOm5GdZfu-YZVdh35vXox7O2mEaES2daf8du9S6-mD3lPBTMbk1vsKrbuqK1wiQM4AQBgAaJt8D-9LTjbqAGKqgHpr4bqAeW2BuoB6qbsQKoB4OtsQKoB_-esQKoB9-fsQLYBwDSCBQIgOGAEBABMgKqAjoCgEBIvf3BOvIIG2FkeC1zdWJzeW4tNjE0NTc2MDk4NDI4MzEzM4AKA_oLAggBgAwB0BUBgBcBshccChoSFHB1Yi03OTgzNjUxMjU3ODM4MjgyGOrBbQ&sigh=0B203Bcbalk&uach_m=[UACH]&cid=CAQSOwBpAlJWeaJ3IElNpLwsAMuLT57sdiLn9GlCMRP7B6Z5n5ReabCPbr-7YGfX8U9XR3vBDvuWi7M5zjVeGAE&vt=10&cbvp=2&vis=1
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 206 2
r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame 48FD 2 MB
2 MB 27ms
21ms Media
video/mp4 2a00:1450:400e:17::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/267C59352FE2F4465A0B37E9253F3B787CEBD15D.65FBE80268726D0557996F8BB9AADC2FCEA2D445/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/af8bb9bb30f7a3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689034128/mv/m/mvi/2?ir=1&rr=13&file=file.mp4

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:17::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

9b279f62d8ab632481b6d6fda4c49c8b9ee7fd77988c13e4b8baa7007d37b10c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Range: bytes=0-

Response headers

expires: Tue, 11 Jul 2023 00:13:06 GMT
date: Tue, 11 Jul 2023 00:13:06 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-2220695/2220696
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 2220696
last-modified: Fri, 07 Jul 2023 14:34:05 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
client-protocol: quic

POST
H2 200 count
logger.virgul.com/ Frame 2C63 0
116 B 237ms
176ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adDataLoad&g=m&r=npm_nefisyemektarifleri:preroll:100&o=&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 00:13:06 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H2 200 zoneview
ng.virgul.com/ Frame 2C63 0
222 B 71ms
66ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/zoneview?c=&mt=1689034386347&v=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F%26vi%3D10710800%40&r=153182:nefisyemektarifleri&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18&tp=&os=&call=&vd=0&ses=0&dim=1600x1200&l=&y=&w=0&ext=,as,rc1,hf1,vv1,gpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%40karabiber%40kuru%20so%C4%9Fan%40nohut%40pul%20biber%40s%C4%B1v%C4%B1%20ya%C4%9F%40sivri%20biber%40su%40tuz%26nyt_cat%3Dpost&info=&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&rdmt=0.8750790657467742
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 00:13:06 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H2 200 count
logger.virgul.com/ Frame 2C63 0
116 B 235ms
177ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=videoActivateError&g=m&r=npm_nefisyemektarifleri:windows:Chrome_114.0.5735.198&o=&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 00:13:06 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
DATA 200
OK truncated
/ Frame 2C63 1016 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6823cdc5c5bc297bd4ac06187687fecb2a5c110658ebd5efba820132571fe6a2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js Show response
pagead2.googlesyndication.com/bg/ Frame 6DD1 37 KB
14 KB 33ms
28ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/JuxDZWINa7otHwaisCqyMSq7iwQyCfHq_LhnNSU0b2U.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/H0ZEmIz7.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 11:40:36 GMT
content-encoding: br
x-content-type-options: nosniff
age: 45150
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14572
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 09 Jul 2024 11:40:36 GMT

GET
H2

206

10710800-480_2-170k.mp4
istr-n23.nktcdn.com/data/videos/10710/ Frame 2C63
Redirect Chain

https://istr.izlesene.com/data/videos/10710/10710800-480_2-170k.mp4?token=WrNYJ7w2eSPis-tmRVFyXA&ts=1689124386&playername=npm_nefisyemektarifleri
https://istr-n23.nktcdn.com/data/videos/10710/10710800-480_2-170k.mp4?playername=npm_nefisyemektarifleri&token=bjraxpsNtm8-B44cid7d3w&ts=1689120786

1 MB
0

229ms
52ms

Media
video/mp4

185.7.176.223
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://istr-n23.nktcdn.com/data/videos/10710/10710800-480_2-170k.mp4?playername=npm_nefisyemektarifleri&token=bjraxpsNtm8-B44cid7d3w&ts=1689120786
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Server: 185.7.176.223 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
Content-Range: bytes 0-22366387/22366388
date: Tue, 11 Jul 2023 00:13:07 GMT
last-modified: Tue, 06 Sep 2022 14:04:31 GMT
server: openresty/1.15.8.3
Content-Length: 22366388
content-type: video/mp4

Redirect headers

date: Tue, 11 Jul 2023 00:13:06 GMT
server: openresty/1.15.8.3
content-type: text/html
location: https://istr-n23.nktcdn.com/data/videos/10710/10710800-480_2-170k.mp4?playername=npm_nefisyemektarifleri&token=bjraxpsNtm8-B44cid7d3w&ts=1689120786
access-control-allow-origin: *
cache-control: max-age=0
content-length: 151
expires: Tue, 11 Jul 2023 00:13:06 GMT

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame 8D9C 38 KB
14 KB 56ms
55ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 10:17:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 482109
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 04 Jul 2024 10:17:57 GMT

GET
H2 200 lsget.html Show response
ls.hit.gemius.pl/ Frame 2D92 5 KB
3 KB 148ms
38ms Document
text/html 146.59.30.108
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://ls.hit.gemius.pl/lsget.html
Requested by: Host: gdetr.hit.gemius.pl
URL: https://gdetr.hit.gemius.pl/gemius.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 146.59.30.108 , France, ASN16276 (OVH, FR),
Reverse DNS: ip108.ip-146-59-30.eu
Software: GHC /
Resource Hash: 141d2a7ff7d83322d7d1322b62695e25cb491e3b9698f18ee02668c8cbcf798b

Request headers

Referer: https://gdetr.hit.gemius.pl/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
accept-ranges: none
cache-control: private, max-age=2592000
content-encoding: gzip
content-length: 2713
content-type: text/html;charset=utf-8
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:06 GMT
etag: PRIVATE7520710249
expires: Thu, 10 Aug 2023 00:13:06 GMT
last-modified: Mon, 16 Jul 2012 10:03:40 GMT
p3p: CP="NOI DSP COR NID PSAo OUR IND"
server: GHC
vary: Accept-Encoding,Origin,User-Agent

GET
H3 206 2
r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip... Frame D729 2 MB
2 MB 20ms
18ms Media
video/mp4 2a00:1450:400e:17::9
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://r4---sn-5hne6n6e.c.2mdn.net/videoplayback/id/f8fd2e94061f0d97/itag/343/source/web_video_ads/ctier/L/acao/yes/ip/0.0.0.0/ipbits/0/expire/1720570385/sparams/acao,ctier,expire,id,ip,ipbits,itag,mh,mip,mm,mn,ms,mv,mvi,pl,source/signature/5329750CF93E46D188B111E9D361184515D2B31E.7A800ACFD69E4A198EF969D2C4B75F39D30DB936/key/cms1/mh/xb/pl/44/redirect_counter/1/rm/sn-5hnezs7e/req_id/e042ee55e0ea3ee/cms_redirect/yes/mip/2a00:c98:2050:a007:2::10/mm/34/mn/sn-5hne6n6e/ms/ltu/mt/1689034128/mv/m/mvi/2?ir=1&rr=13&file=file.mp4

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:400e:17::9 , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

gvs 1.0 /

Resource Hash

9b279f62d8ab632481b6d6fda4c49c8b9ee7fd77988c13e4b8baa7007d37b10c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Range: bytes=0-

Response headers

expires: Tue, 11 Jul 2023 00:13:06 GMT
date: Tue, 11 Jul 2023 00:13:06 GMT
x-content-type-options: nosniff
Content-Range: bytes 0-2220695/2220696
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,quic=":443"; ma=2592000; v="46"
Content-Length: 2220696
last-modified: Fri, 07 Jul 2023 14:34:05 GMT
server: gvs 1.0
vary: Origin
content-type: video/mp4
access-control-allow-origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
access-control-expose-headers: Client-Protocol, Content-Length, Content-Type, X-Bandwidth-Est, X-Bandwidth-Est2, X-Bandwidth-Est3, X-Bandwidth-App-Limited, X-Bandwidth-Est-App-Limited, X-Bandwidth-Est-Comp, X-Bandwidth-Avg, X-Head-Time-Millis, X-Head-Time-Sec, X-Head-Seqnum, X-Response-Itag, X-Restrict-Formats-Hint, X-Sequence-Num, X-Segment-Lmt, X-Walltime-Ms
cache-control: private, max-age=86400
access-control-allow-credentials: true
accept-ranges: bytes
timing-allow-origin: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
client-protocol: quic

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame C9C8 0
0 64ms
63ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss-b_2-QwPw4je_RuRrBV1QUUr88rDBjI6fHpOi8YLA24vrYJcu_l7HSAbIpmXaSw6jjl5AzkvOlmWzd2W2MUANp3JfCo9Vh5CfqW9EoKYZQX4RuHsGXjxesiz2wGuUx-AOufGAGsGhyG9DDVIiEZpLCYgFKp680Ai2LviVMJApzyStusoMuWp9ynyhEHpu7ddUXFu4InecBB7Cswkz_Pcgbqn9EI4dx25drtXylOV1xKJ6l5dJosqWEAeZAuaWynqxkrLO4vNCGI3fSd5tgGoiPfT3v0pJgWFmB4IWpnwUFj4jTGooWXzliEQMALcg_4VCwjx6wUs2TBVzf4sEPoquXl7Ufu3xDm9HWS3Vj4RiWg5qwznDTztT0fHVOG4JTgNh-Tn7w8hem5dzyZO8h4WX3v4luQFIANwS5TF_SPnkelAkobL_mi5VetkSARc_1-f3GFbyp-sQyumJl2SMUMsQ2VsyE6wRlOlmxLmH6Pm-Wr3vUDHdoQAcYbi78OA28OvZwt5kDdId8dss94UzYaC-UINR0zihU_-2lqiv9NRzNlAPtczrUqqjL96SRf4HdgglZcK3Io-uUxtI6XSWk7OQN-7cPnvNxQe8gg7-YCZH1w2RofwQ9PqnTBYOATJN6_YBQyof9l00V5kjThxES8czp7KmS8UHCWLdopBoCKGfGZJ9PH4PKczHm2MoW_2zy0cHiBdMxJPrSYxR00RjZ_UpvrywUKilBa-VOwibmkKIBNNnesxIZ3e30dC42vtrOkYyuwtbx-qhSmbJfOxUc-udl5CrQ09iF2hqKJnAZzs58vGlPjXjZPIhmi-SzZ4Q07dWNlJQiW5HZaTBMPSg0A5Al8T9APOBc9y7_w_DqhDprAe6M1a6GuMn6N62hvUDGdj4NHvHTic4Kn_g6i7QW9zszZziCABPpLM-ZmnRoiA7nMBYLsIqvYhGHUc8Bz61ogdfBbksC_BigIPCtp-6O2bi4Bg7AUt6bSach48jC6xmocPvn-9T45BzxmbebRglF32HbureCsNmCD8LL27EakuPMEvb_EPR6wZvJU89ZbdtpBSOR1L8o5abnWjSCFvT_CsTaTbsKRWeb_hZNDynwUK5PhtWeRH_W0MgSfYT78XDiRHYJhMrRe0z50zPG7nXTC129o6-zZ0eCuNAB_p-B1lRvXXSUfjC76DdG6b2B-pE5ne9VHdNMgGW1B2f7SC7VBD_MIOMUHiewQvM7-ZEq8jARxfYEwHa2KpA4iI80reRX-IuH-p7dPFCB588Q9PNpA99vOiXbbcnOIZWIgLKQXIqBqB8fWRJkGy52VVVGAT-i32SLjA4Y7CKaqilgWFJqZjeRvdS0Vwd9JtFke6cgyv09qxov_sEjdW0OVBatS3ex3uzmG7mWlfWKmLsRgKynaUUQR9EXM4SNbl4txSZ2uFTFRXZ7T3YX31eFyu4J1dMXzsnpb-9FYrIOKxxc6TN1lGcY3PhXHsIO4TrPZstH7fv4-BpfoN_pIoUy5a-Fo2a4gBYYvYH&sai=AMfl-YRFfgejCfhdZNfh--tXwHMxYH2BSe55VAROvUe1ra_LRKccrQRwQUVmwS3UEUVEh3297RhdYc0lV3EE8CrwVhw22soo7P4YbDr6Uk5Tw-agrI4JjlR_VBvjjs4Dkc4jyqWSTYUWwySeXUN9TAT8w0ILX0PMBi0edyEuFzQDPqg3UzD9rOs4qF2fAGICWj2Wk4r7tg_excLiN73hxLG02k3l1Ym0UZWTxx99v6ZhzRtfv5Ut0q7ShW02R1Obr0KoRhC4sPCSSiewIT7H967SO--QRPh1cA&sig=Cg0ArKJSzEBFdZ2Cjq1FEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=486&vt=11&dtpt=299&dett=3&cstd=178&cisv=r20230706.99869&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 11 Jul 2023 00:13:06 GMT

GET
H2 200 5e2588d56f82ad050a013c2a
ng2.virgul.com/tck/imp/ Frame 2C63 0
222 B 108ms
107ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5e2588d56f82ad050a013c2a?g=1&t=dfpcode&r=153204@site_geneli@nefisyemektarifleri:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 00:13:06 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame A899 0
22 B 73ms
69ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BTCS0kZ6sZO-_FJ7P7_UP94OnUAAAAAA4AeAEAg&bg=!BAelB1PNAAb90kgr3dI7ADkAdvg8WpkARJh4g8gpAZFqvBi9FRXs4iQMTWLGUpQccvLEq_Pnnf7NJz3RDDKU-wKG56geFlydSCECAAABz1IAAAAGaAEHmQMOWdH6z7Ad0BmvOy7S-MNv0BbBfVoOKiPDNPGEkb8KeVXKXlRSIY9iwjmM8FZ0yS4YocsygV5U6bBLh9U_AWpQ4vHmD6ESI7I5yfaswzAvkp1-cWlKP0kUBH42a4VT01Fyp2EkRrGRlb-MkM1JJBXsm_SW94Qa5iLfugwLZX5mSz6W7I8BSrJKfwp8TsQPKwciG5VGCBA_jrk9suyzfbbv-dsTUBRbfPRtQoh49sTZHES9Tm8FjkF2wXe2hs3Xp3u6_VPMb3MzK-kP9W0Dw813Uxo4A3RUtS2A1di72CBXRFbpPRoYONwMbas1hm5wPCPP47QNDBhqib68XWxoPwa4BXa--QS1CwnOAN9QmXtPNdkQFVvydGkB06B5uJD5Es24e4KP_-MAs4nZW7s1iVkfpPTJ3uhCpwkq2AFoZhrh5yIeyeVrtdC0ibTNcRhItjeuaKn1lpopBHLhqghuP3JYENZm_HZa4BroGVE5opX35CiQTFyUgZ1hxFh5UK3yboQP3tdjX5I1vkTGaEyMDfpJChmpo-TWBJhzaRSY4c0uP7D9KUN1fzmkyMjueuCsVv7_syI4zDy41osqGR9fC_gQIkSy89jb__PzC7NHjo-oTfAnvzvxJSDouABK5VNm_gxyKT20Ul22kEyrlRm3vHTlF5iYt2oHfamIjwVagJny81nPRptIdySE9D_jQGL57rhj1GQZQSR-E1F9GdJLcb1fsmxaEW2fV8hygthSVihvG3cSTQB6xWeV0s5rmyXvKemxZeeyrejPLMLma_GmYRZvb6DTw83IDON555kvVLGX2q0HKXUF_FTFx_UCwPSeNzz8tmyaNElUq2dZsfsQAuywyr4m4-j7wXtUavngRAKcp0LggmxILfIUzOjpArANBm5xUABBp-vmb2_984vTC9U36AVegFQgkdNMNcX7tDlvk6EceiDJKWLyOxgbrQwamB0ukuqyu9Ps0RhMKOkdmL_5ZF2ZkHYF0ySo38CPcnL26FUZvZTkQGcG4faqnE7bqdIiYk8yJJfVV-PRLhPkl4U

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame 4C45 38 KB
14 KB 22ms
18ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/Enqz_20U.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 10:17:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 482109
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 04 Jul 2024 10:17:57 GMT

GET
H3 200 view
googleads4.g.doubleclick.net/pcs/ Frame B9FF 0
0 72ms
68ms Fetch
image/gif 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjss1G1PZULsoc7QUCx2DnnjuR9p6ffB8hllFHcbv5eyOWqR0po0UsSZgYteZ-ScyNm96idMbMh83U1vp5DZqrt6wApkvRHA5Zb8LqRoi3tP8ASFcswiqcteCCC8NzMU_HXkDkyw5rFdBnxh-frunI_KblZt-K-PgLE2OtIiFfKW_FyJ9UmR2S1ZFi4WE_zEhqoe0X65sauxFbugZ7pCJMNhVQW37TzBfAkZSkvw_BtN-j44O87wwRMoP98-sCSESri5EHYv0JN558hJ-kOHQa2B4dfdCM6IADWakjsHUNBKrJkJuOVZvgMYKIFEXzxLp-6vOQCep_ycz75e51bS4jPSqP8Zgw9Ks_WeY_jAz4RW9pndfFJMrwzyGOPkNDXfkNTROF7bk0d8TiHlf-M99VhyPs8ylv5d0ywGGvCoDVNTueEjAtzJXSTjbO1sAboP4w04rrFiS1G8mkmCtpvdrCg-AxVo7PMg1NW5xPsU6iUkL56lEkmi5prUiM130_w34oFxB82ann1u5cha8V0dl8oAdd_iT70lQJ-pKrK8PJF9JbSQpcYbnZSPrF9fC96xuMJwsroAPapM_l5oRf2p8_b4F5W1yYn9GJGkUBD4LjxribygNvtlXpgklFiuLSVVzAFLnelrOjrw5lip2tk-XR4yNhZqGWhgkjY-jdE7xr0RvFlFh4cBzTYnuKtXFpgtJX4LBumRV7Q9R7btBkWfqtY8jS6_eV0_5LFRrwBGA55sPl4ZhgK6b7s0VWZ2t0s1wZHniiwLb-UD8Cw71_PzPAtWAJtGTNMEdxEI-SYNr_cgzrZweej4rdsNSrUREn5tnM5MGIzFd3IUE9pPHl1DR4Whdx_Gnh3YWDdkTNoCRItabhZ3AbbM_TBAJvWfXDA4CAsW8I1eqCg8ejztKbAjhKRGVSxUiRO7f1cVKge_zvpoTg-3nhBfKegHpLoJHQbbxBw6YkxRWm3Ra7ueV_zXtCUhaGLYrGJwroUoR6hPsryJvGMJnafXffrGCTFCPqkK4FnKpaVkjB7jPK9hxU7D5dF1Nx1DbTyDN3hLWZAfhA4dge_pgnxtfEjNpp-mKwIz7gumRqCrJDOeUlDrPFfTMXiuF_XdLFT20q_HtGn19XFnrocV_kyV4TYaK_B_NUxWOn6cLA-a1MSTIbRS2yo8jnTg7ZTuccbzukPfeccxcXN9OKsfgRhAp_T0-8qzfN2faEP8Jfez0S0i0yiUz7aZAG8BKfuzWBTUKhiCFGaFy_DsmiPRE5d8Kn6Yw45pCeF2IBrHuSVbEbHXgJoNRyMOCOKA4Nd_RBe56egDMM5F8JHccHfqdKu8hCbl0GDcYC9XsrwBzo3zy1h3nnIXvQ8LfNvjVhR2Y8d_3VQgvKQkhpVqvTgjWgZI7Xlk1EjxX0eJasCx4tBXJMCCxKPkFGpGsIrAXzJfTU9ntfvsr0RusciHoSxm1lWrkEn-7jY55g6T2ON_qkZ_GAItcwELxS7-BGihy9Fz0TMjYuQtGpgqvtqYx6AgF41YUZA&sai=AMfl-YQa7EerFQdcMl6qvuuGW1l5x3uDIbdEcVDmKnL1r3AdRFqPrRUkMniovmtGM3KYD2K2RAdK4nMJdgETGgIsifcQu3HmY7p8IRUny3-ZSG597_3bKaIMrQGFmACuQRuvuAG541E4xU7prYZDszMVslq1JE2r9zl8ZbFUVgGWa-G3nHShG75YwQlqwaPjWJvOWsCFfjSIWYlYoQeiuIE77wz0WbrzE7khFgLUq26xeEXXKqdm1BCioypnTPOc5iN90U8PcfgogQko1WKsa-CQW_ZKT7Y_GQ&sig=Cg0ArKJSzBqLsZcJiYyyEAE&uach_m=[UACH]&fbs_aeid=[gw_fbsaeid]&urlfix=1&omid=0&rm=1&ctpt=457&vt=11&dtpt=305&dett=3&cstd=145&cisv=r20230706.61336&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&arae=0&ftch=1&adurl=

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Tue, 11 Jul 2023 00:13:06 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 0D02 8 KB
6 KB 59ms
55ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8c89853a9ba40b986530b44423e07d7ffc96e76f513682c15a4bb9bf4516c5b1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5850
x-xss-protection: 0

POST
H3 204 csi
csi.gstatic.com/ Frame 403D 0
17 B 123ms
122ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~ljxjgorn&c=5136533165635&slotId=2568266582817.5&qqid=CLyWnbSvhYADFf0BVQgdfQAICQ&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=988&mt=video%2Fmp4&vs=640x360&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.hn&ape=1&ple=1&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 0D02 17 KB
6 KB 48ms
48ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jul 2023 00:13:06 GMT

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame C32E 8 KB
6 KB 29ms
27ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=xfad&tv=01_247&st=int

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

2a778e9ab9b54488a790a724d036cc59fc43af829d33bb647e54f24f7b94b6a4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 5849
x-xss-protection: 0

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 5235 0
22 B 50ms
49ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BGkl7kZ6sZNPfG-nymLAP_PmfmA8AAAAAOAHgBAI&bg=!RkWlRRHNAAb90kgr3dI7ADkAdvg8WlqsshkTxHSTD4OaZxd9XWEqMec5IqJrzml_gK9yvxXZ3F4_DhntdiFrPdNB2pHWVPyovDACAAAB0VIAAABFaAEHmQMmLnlUSEjTo-zmIsrhgxSienYukG7JCSI6YBeSb5a5VzdU5LeTaFHqRBeOP7v12H5GpeFeSTWSmjb_xz4kevda0hD8R3kDPRVsvZj4lIFx41jxnV0UxpdZZEibIjvbSmr0G-glfBdAchWC3DxHxbuU1yHA8GoC-L37r5d3lv6ymR-oGQyXSxh9faK67qzD0GA23WONHdwNs6z2LiHS-RuICQtIE23kiLxMg3a5y3lmrxFzVeGdUq0yx0SlFlzCWT2QDSlCXywvMbQj4LLo3-XM6wIxBY8IigFuaJ9njIyltLKPkDm4ZQsaWKmQ-BTnltlu3M6HICmumQTRTgL1MTZYaCs4bOABQjhcTQIFf7XFIKSkZ-rMa-CbmeE_TaPUdRZU0Rph3oOYfOtxLeyfLLL-Pl0U6sagPa_cMevWap5asaCmhcMMTs9uVB2KRdPb2dUzAVXMh2g9CqXX0IfGSOKrF85PNyxNR783m7fJmSP2MyvOXJ_2ndnp_42Px16tPH0h9WG1KLLqfUS4qkpYqus_GIGZr5dZDhItzRSvie7HX_olH1tYzA22h_iTFCKRSKBdHz7UqZP5cxW7AMvNRTLPcw3qdUcZhP43wvnMXcwaemmm3VSBvk60IcvcUC-XdwnXuDzAEnf4Fxn28aCN7bdChSsGTJpHGSLA3NXfIqmeWOpOBFOTGYcZ5al4JfPXEc7sqoKFz2gak3-DlnVTk-8us8HCzwYkqbj34JP3EQAvU0b5j8BfmQ7pljGXZ-ghDAfoyffHiZkgFcTsBtkuO2xBx40CvsBh-oOXyOBT-6o_Npl8pxqp-xDPR2m1W1cVEyzUv_FtL2kFczWZFTMSByQC5Qbm8LW9wlxtH5RlWs3wKRjKvJ4aTup8fN9OpjJKJkn6EHEMP1KLktK0-yDDi0VG4FG_M4GFZ1eyOQ6updj-iZbZJyoFrW7z12x8fkGJN3nx_J2OVOehonEuV5zzt3Tm2Weqhqhf4hfOvKUxAMXicfnMo0867KSlp3UchrFOH5HSaPJOjmTmHEGsvB6xR8o_480iR6bheI3WJsvJlj2xgl_iCs8mY2s

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame C32E 17 KB
6 KB 51ms
51ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/879366/Enabler_01_247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jul 2023 00:13:06 GMT

GET
H2

200

redot.js Show response
gdetr.hit.gemius.pl/__/_1689034386886/ Frame A77A
Redirect Chain

https://gdetr.hit.gemius.pl/_1689034386886/redot.js?id=BbORifATbClkExxkwBmocJagYwTFqRHtZ278l_0BjM3.O7/fastid=bbudzftinuomyhbaszefxbqhxglp/stparam=lejjipkovr&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%7C_...
https://gdetr.hit.gemius.pl/__/_1689034386886/redot.js?id=BbORifATbClkExxkwBmocJagYwTFqRHtZ278l_0BjM3.O7/fastid=bbudzftinuomyhbaszefxbqhxglp/stparam=lejjipkovr&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%...

2 B
179 B

29ms
29ms

XHR
application/x-javascript

188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/__/_1689034386886/redot.js?id=BbORifATbClkExxkwBmocJagYwTFqRHtZ278l_0BjM3.O7/fastid=bbudzftinuomyhbaszefxbqhxglp/stparam=lejjipkovr&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D%7C&extra=ls%3D1%7Ctpb%3D1%7Cifr%3D1%7Cifrv%3D98%7Cifrw%3D970%7Cifrh%3D250%7Cxref%3Dhttps%3A%2F%2Fpcloak.blob.core.windows.net%7Ctq%3D1%7Chct%3D1033&lsdata=YZt6w34J8OgdQ4oUC53cB8FHQNIZcdfCwohSa28tvi3.I7FuvmugkvLJmIfVv5xoQfL7fG1Q6TulSc7XyEmzBeyboSN_/MeErWB4c8FXzo/&href=https%3A%2F%2Fng2.virgul.com%2Fadview%3Fa%3D649563a3e4b07cc95f8808f6%26r%3D153183%40site_geneli%40nefisyemektarifleri%3Asite_geneli%26l%3D%26ext%3D%252Cas%252Crc0%252Chf1%252Cvv1%252Cgpnyt%253D1%2526video%253D1%2526rec%253Dbakliyat-yemekleri%2526rec_ing%253Ddomates%2Bsal%25C3%25A7as%25C4%25B1%2540karabiber%2540kuru%2Bso%25C4%259Fan%2540nohut%2540pul%2Bbiber%2540s%25C4%25B1v%25C4%25B1%2Bya%25C4%259F%2540sivri%2Bbiber%2540su%2540tuz%2526nyt_cat%253Dpost%26info%3D%26cs%3D1689034384412%26mt%3D1689034384322%26userId%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26vmn%3D649563a3e4b07cc95f8808f6___153183-375847772&ref=https%3A%2F%2Fwww.nefisyemektarifleri.com%2F
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: H2
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
access-control-allow-origin: https://ng2.virgul.com
content-type: application/x-javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 2
expires: Mon, 10 Jul 2023 00:13:06 GMT

Redirect headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:06 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
access-control-allow-origin: https://ng2.virgul.com
location: /__/_1689034386886/redot.js?id=BbORifATbClkExxkwBmocJagYwTFqRHtZ278l_0BjM3.O7/fastid=bbudzftinuomyhbaszefxbqhxglp/stparam=lejjipkovr&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D%7C&extra=ls%3D1%7Ctpb%3D1%7Cifr%3D1%7Cifrv%3D98%7Cifrw%3D970%7Cifrh%3D250%7Cxref%3Dhttps%3A%2F%2Fpcloak.blob.core.windows.net%7Ctq%3D1%7Chct%3D1033&lsdata=YZt6w34J8OgdQ4oUC53cB8FHQNIZcdfCwohSa28tvi3.I7FuvmugkvLJmIfVv5xoQfL7fG1Q6TulSc7XyEmzBeyboSN_/MeErWB4c8FXzo/&href=https%3A%2F%2Fng2.virgul.com%2Fadview%3Fa%3D649563a3e4b07cc95f8808f6%26r%3D153183%40site_geneli%40nefisyemektarifleri%3Asite_geneli%26l%3D%26ext%3D%252Cas%252Crc0%252Chf1%252Cvv1%252Cgpnyt%253D1%2526video%253D1%2526rec%253Dbakliyat-yemekleri%2526rec_ing%253Ddomates%2Bsal%25C3%25A7as%25C4%25B1%2540karabiber%2540kuru%2Bso%25C4%259Fan%2540nohut%2540pul%2Bbiber%2540s%25C4%25B1v%25C4%25B1%2Bya%25C4%259F%2540sivri%2Bbiber%2540su%2540tuz%2526nyt_cat%253Dpost%26info%3D%26cs%3D1689034384412%26mt%3D1689034384322%26userId%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26vmn%3D649563a3e4b07cc95f8808f6___153183-375847772&ref=https%3A%2F%2Fwww.nefisyemektarifleri.com%2F
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 0
expires: Mon, 10 Jul 2023 00:13:06 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 72A3 17 KB
6 KB 57ms
57ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/r20230706/r20110914/xfa/sodar_loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jul 2023 00:13:06 GMT

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame 588D 38 KB
14 KB 14ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 10:17:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 482109
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 04 Jul 2024 10:17:57 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 0D02 47 KB
47 KB 17ms
16ms Font
font/woff2 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=7ltSdymmxI&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:04:59 GMT
x-content-type-options: nosniff
age: 487
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 00:19:59 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame 0D02 46 KB
46 KB 17ms
17ms Font
font/woff2 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=7ltSdymmxI&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:11:31 GMT
x-content-type-options: nosniff
age: 95
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 00:26:31 GMT

GET
H3 200 60005582_20230704081939926_APP_iPhon14Pro_Asset.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 0D02 29 KB
29 KB 36ms
35ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230704081939926_APP_iPhon14Pro_Asset.png

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dafa5a247facfc545e94a09ea12da423909aefca05557ec1a73e6d296fc540aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=7ltSdymmxI&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 15:58:13 GMT
x-content-type-options: nosniff
age: 29693
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29704
x-xss-protection: 0
last-modified: Tue, 04 Jul 2023 15:19:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 15:58:13 GMT

GET
H3 200 60005582_20230704052209084_300x600_GRAD.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame 0D02 37 KB
37 KB 36ms
36ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230704052209084_300x600_GRAD.png

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ae9e8c27eddc095bf349a965776f1db4340da5231aa01359793cbebcb265f300

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=7ltSdymmxI&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 12:26:32 GMT
x-content-type-options: nosniff
age: 42394
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 38236
x-xss-protection: 0
last-modified: Tue, 04 Jul 2023 12:22:09 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 12:26:32 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame 0D02 43 B
609 B 110ms
27ms Image
image/gif 141.101.90.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29118705_4307561_354695210_145353403_PO1104A20230705&ref=29118705_4307561_354695210_145353403_PO1104A20230705
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 00:13:07 GMT
via: 1.1 varnish-live-1-1
CF-Cache-Status: HIT
age: 11504864
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 15 Feb 2023 15:39:24 GMT
Server: cloudflare
etag: "2b-5f4bee2778300"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 72699927
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7e4cd6b72c941cb3-AMS
Expires: Wed, 10 Jul 2024 00:13:07 GMT

GET
H3 200 OnAir-Bold.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame C32E 47 KB
47 KB 17ms
17ms Font
font/woff2 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Bold.woff2

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=mz3cJ8ll8m&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:04:59 GMT
x-content-type-options: nosniff
age: 487
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 47676
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:39 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 00:19:59 GMT

GET
H3 200 OnAir-Light.woff2
s0.2mdn.net/creatives/assets/4140742/ Frame C32E 46 KB
46 KB 25ms
25ms Font
font/woff2 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/creatives/assets/4140742/OnAir-Light.woff2

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=mz3cJ8ll8m&t=1&renderingType=2&ev=01_250
Origin: https://s0.2mdn.net
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:11:31 GMT
x-content-type-options: nosniff
age: 95
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 46936
x-xss-protection: 0
last-modified: Thu, 06 May 2021 11:38:50 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 00:26:31 GMT

GET
H3 200 60005582_20230704081939926_APP_iPhon14Pro_Asset.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame C32E 29 KB
29 KB 35ms
35ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230704081939926_APP_iPhon14Pro_Asset.png

Requested by

Host: s0.2mdn.net
URL: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=mz3cJ8ll8m&t=1&renderingType=2&ev=01_250

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

dafa5a247facfc545e94a09ea12da423909aefca05557ec1a73e6d296fc540aa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=mz3cJ8ll8m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 15:58:13 GMT
x-content-type-options: nosniff
age: 29693
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 29704
x-xss-protection: 0
last-modified: Tue, 04 Jul 2023 15:19:40 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 15:58:13 GMT

GET
H3 200 60005582_20230704052242884_160x600_GRAD.png
s0.2mdn.net/ads/richmedia/studio/60005582/ Frame C32E 17 KB
17 KB 37ms
37ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/ads/richmedia/studio/60005582/60005582_20230704052242884_160x600_GRAD.png

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

2ec83381655c8a79a739b55b151d24bf78451562b314fca054876a82d6cee4ab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=mz3cJ8ll8m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 12:31:08 GMT
x-content-type-options: nosniff
age: 42118
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 17365
x-xss-protection: 0
last-modified: Tue, 04 Jul 2023 12:22:42 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=86400
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 12:31:08 GMT

GET
H/1.1 200
OK postview.gif
portal.o2online.de/nws/img/ Frame C32E 43 B
609 B 112ms
33ms Image
image/gif 141.101.90.97
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://portal.o2online.de/nws/img/postview.gif?partnerId=O2_DSP_TRA_HAV_14114_PV&mediacode=29118705_4307561_354695792_145341318_PO1102A20230705&ref=29118705_4307561_354695792_145341318_PO1102A20230705
Requested by: Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 141.101.90.97 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date: Tue, 11 Jul 2023 00:13:07 GMT
via: 1.1 varnish-live-2-1
CF-Cache-Status: HIT
age: 3625274
x-cache: MISS
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: keep-alive
Content-Length: 43
last-modified: Wed, 10 May 2023 18:30:14 GMT
Server: cloudflare
etag: "2b-5fb5b10159980"
Vary: Accept-Encoding
Content-Type: image/gif
x-varnish: 596102340
cache-control: public, max-age=31536000
Accept-Ranges: bytes
CF-RAY: 7e4cd6b73f4c41bc-AMS
Expires: Wed, 10 Jul 2024 00:13:07 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame 0D02 26 KB
26 KB 18ms
17ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/11698040626992906240/300x600.html?e=69&leftOffset=0&topOffset=0&c=7ltSdymmxI&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:10:03 GMT
x-content-type-options: nosniff
age: 184
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 00:25:03 GMT

GET
H3 200 bubblespritesheettiny.png
s0.2mdn.net/creatives/assets/4085730/ Frame C32E 26 KB
26 KB 14ms
14ms Image
image/png 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s0.2mdn.net/creatives/assets/4085730/bubblespritesheettiny.png

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://s0.2mdn.net/sadbundle/5793540040533475328/160x600.html?e=69&leftOffset=0&topOffset=0&c=mz3cJ8ll8m&t=1&renderingType=2&ev=01_250
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:10:03 GMT
x-content-type-options: nosniff
age: 184
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 27068
x-xss-protection: 0
last-modified: Fri, 12 Mar 2021 15:44:55 GMT
server: sffe
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=900
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 00:25:03 GMT

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame A39C 38 KB
14 KB 18ms
18ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 10:17:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 482110
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 04 Jul 2024 10:17:57 GMT

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame 862C 38 KB
14 KB 14ms
13ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 10:17:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 482110
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 04 Jul 2024 10:17:57 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2B9A 0
23 B 50ms
50ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=BCGe8kZ6sZLvbKdHLzQangKP4BgAAAAA4AeAEAg&bg=!kZKlksbNAAb90kgr3dI7ADkAdvg8WqqQqifFwl7fmvnkvlWy6NIAMlYDbdavMqED1lfg5gT2w67aic7rlUeGJZwu7dBmQ4UhYnMCAAACp1IAAAAFaAEHCgATbqdZazu2Z88CHA2YGMg0pXDCd5kDOC7fbfSJ83bOS7KzYFXLuMuyrSDpEGofumcxTQS-HxBa0HU87YTLtzJ7aPbin8_NSLDLS5Ol2SbuFN3Hn058zzUhhBNhxfp_62T-8EY-rAIG80_hmpA5ZfghQsH7HDhJKMH_lsb-dnSBqU9Gv0ok5ExRwqFynmKczfP23Iup8KrH7b0pD6jwuSEhSYf3igIez_JMNQnOCMHVPpSM-LWLuuuFOeEtYfNMIjLr9HHekiiJg_mh7YGkkdXgIY5EtUclHtwvrK0_TEOizEGBZ2pwwOS8GDfVSmJELY0M1cqrMDNdMpuSXKbECYhO2NPUGbb5tlqXWyAVDafkXyv9w4gzl6U_FUANmhpxzgtqWL9L5R7wf9GXe2J7zTQKWXJqHWZXzQ2p3OKBLdeDUSw648XVzycVBOKdvh67vw1tNNxhDoy2Iz3HUuujlTu8BInd9Bvv38DT5EixtrT1G7K8wu9olXbLdSVgE-UVg12pZ-og9oXvMN83zYYvlCvalV9AWXt_pLAp9Fh2zZK1kqRJ2HCh_b7cc-7CqH87cNws-dH_owCTeDT71s1sldYuX3ymiLylA50LuHf7QwnrODTA3QO0rFuNQFvahDLqgWWbSOB4oXyDFPrxOhI3ZOld0IZBpMZmTNk2GdeDUq02oPWtutHV5zK9dm8RV22t86Lj6Hj9VjrhG1C9eZC36_NeslC0vQ5VRbBVAAXzu7pEqOHGswFnoMtl5NlJtQ1-Nlou976Fca0W5CxbpVh1dFZCpffY8YhG1js_ZrlY0yENW3KhodEJQyf1PmsWs3neoHOY1Mwdy6iDC56y2vPXFIdsCkJpFDvqsD2qkSoGA9m4XoyXWV_qc60iUsScVPd6M2RfHFkFiqaRC1yBtj1KTbMR2HxcWIFF8fZWz2G41Bah3lR47jD7r1j8eY6BfqhgFKunTK7d3GzExWlNCgoBRuMkKYBCvvDGA_fy-cqtboHycli7Csf-7_oLj4b6kka7Sr1-M18IVDn4IuKW1ocw9nBNzpTkVtqosgEaXs07J2gcQlHaczoovKWNPmmeyMIWTeq_dvezMHzv3rwos_-Xh2St3yEnUyYiwlP-Gr0PsT-9

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 redot.js Show response
gdetr.hit.gemius.pl/_1689034387277/ Frame A77A 2 B
302 B 22ms
22ms XHR
application/x-javascript 188.165.145.88
OVH

General

Check archive.org

Show headers Download Go to

Full URL: https://gdetr.hit.gemius.pl/_1689034387277/redot.js?id=BbORifATbClkExxkwBmocJagYwTFqRHtZ278l_0BjM3.O7/stparam=yeqplmetum&inner=_ch_mobile%3D0%7C_ch_wow64%3D0%7C_ch_brands%3D%7C&extra=isn%3D0%7Cisn_d%3D2687%7Cisn_s_v%3D3v4d_4%7Cls%3D1%7Ctpb%3D1%7Cifr%3D1%7Cifrv%3D98%7Cifrw%3D970%7Cifrh%3D250%7Cxref%3Dhttps%3A%2F%2Fpcloak.blob.core.windows.net%7Ctq%3D2%7Chct%3D1033&lsdata=YZt6w34J8OgdQ4oUC53cB8FHQNIZcdfCwohSa28tvi3.I7FuvmugkvLJmIfVv5xoQfL7fG1Q6TulSc7XyEmzBeyboSN_/MeErWB4c8FXzo/&href=https%3A%2F%2Fng2.virgul.com%2Fadview%3Fa%3D649563a3e4b07cc95f8808f6%26r%3D153183%40site_geneli%40nefisyemektarifleri%3Asite_geneli%26l%3D%26ext%3D%252Cas%252Crc0%252Chf1%252Cvv1%252Cgpnyt%253D1%2526video%253D1%2526rec%253Dbakliyat-yemekleri%2526rec_ing%253Ddomates%2Bsal%25C3%25A7as%25C4%25B1%2540karabiber%2540kuru%2Bso%25C4%259Fan%2540nohut%2540pul%2Bbiber%2540s%25C4%25B1v%25C4%25B1%2Bya%25C4%259F%2540sivri%2Bbiber%2540su%2540tuz%2526nyt_cat%253Dpost%26info%3D%26cs%3D1689034384412%26mt%3D1689034384322%26userId%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26vmn%3D649563a3e4b07cc95f8808f6___153183-375847772&ref=https%3A%2F%2Fwww.nefisyemektarifleri.com%2F
Requested by: Host: gdetr.hit.gemius.pl
URL: https://gdetr.hit.gemius.pl/gdejs/xgde.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 188.165.145.88 , France, ASN16276 (OVH, FR),
Reverse DNS
Software: GHC /
Resource Hash: 75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ng2.virgul.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:07 GMT
server: GHC
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
p3p: CP="NOI DSP COR NID PSAo OUR IND"
access-control-allow-origin: https://ng2.virgul.com
content-type: application/x-javascript
cache-control: no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
accept-ranges: none
content-length: 2
expires: Mon, 10 Jul 2023 00:13:07 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 48FD 0
17 B 610ms
609ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~ljxjgp00&c=4543384542910&slotId=2271692271455&qqid=CMqjp7SvhYADFRkE4AodtPIFVA&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=988&mt=video%2Fmp4&vs=640x360&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.ls&ape=1&ple=1&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:07 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 6DD1 0
23 B 65ms
64ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=34&t=2&li=v_h.0.0.0&bgai=Bv9n1kZ6sZPG5OYn1zAaR9bOgDwAAAAA4AeAEAg&bg=!3N-l34vNAAb90kgr3dI7ADkAdvg8Wm-ub1N1UKSMUpqzZ7TkYIXLAYZ89s9_-Nl8LUo2hCXLTRF-zs7fdczAwtt4hjOKbg-s680CAAACaFIAAAAGaAEHmQMaWtWR1K6vs4mUgEp2T-V7SflCJEV-8ASu44rmwoSfjc_sMxBhyiBBW2-yvgh6ujucODVzTMBRjYmtWYPWVffQorh1Urg9bMLSZOTV58OV2LSA80jwXh2XMbNyX_AgYeAP4nxqyBQj9lh4aFo99KTah6QTfQjIE34ar1ec_Pj-rxnYfHC3mNRDIHdNnndcjnuugpujfGgkt8-yCFWP6MLjE5XLIb7QicZZs3Fm8gFG2-xZBW9EvoOv8TQhmMpracph9AjqK2U12tM9Cm0z-2MgaBPMaMCtpaZiiKvnmSBqhvjtuVRCm72FSPoc_mfOhymVsuDhUuOeLpTiEd_G3NH9eY8vQld-gfRFBrkpWqnTL0mhmQvgfxLHz5Xb3WO2HW7c5BhmSjffOmxeNODKZFGpM0S0zN_cUaP9uZJDV2QQzG1Lr6hdj01Hm6NWThofRSCbjHP7dAtBBv-oupZDKMGZElsgIhh_8zjpFMpCMOxH_tTKcY-QQw9BIivH6wwbREyekLBJtgFACMw8GkLfSNfwcXQJ8_QbDx1qshAMK55DS2C3SA2wgmZzZ0XFKSVDvR7XYAM-y-VQCfo3sYML2AuCW8cvYZA3AiuB5f3D_-VmzP4-KY51z3XH1ymXRV7KccBhtAAyG5p34K0CzahKD3RaAGzjVrb4gGQ3PSSkCT6mnF8lVxBIU-CzIl1dK4T39miFWKu8GfsrYSP1w0WpFY5yJrrp1nfMlm78rwlUVo5PnYhLQ3j_wnzK51PM0W5kzDN10H5knnaUGT_pKNaHKX_EWISdtUt5iQVh7TNynuiQMOJ4G8d0gd2tslSlzlN3gmEiPxvCn9FIZWiUQcUGFYzA6GUryIUH6qqakqIerEcB5YMACyAxGikjswIcq9otGdLx4OawgIrawPlikbcWG1exjw5th05mdLjqez3ZmCtSl1v63ps5RmqAOvuz2YtogFHZ2JHiJ0IbNc0MA7eaz7WJ2N9RCTqqYBDjEjZ03iFf1Lmx5fO_KJjo-V9-xJPkkYsQsH95ZYCDr9Z4Z9QYEIsMhZpAD9gWT4vNwWk

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 print.css
mn.nytcdn.com/wp-content/themes/nytheme/ Frame 2C63 1 KB
1020 B 25ms
25ms Stylesheet
text/css 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-content/themes/nytheme/print.css?1680961699

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

47d8199865dfcfbad460b752d8a5ce4b85dfdf3f46d2d1bc3ef1715909caed5e

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 1642
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Mar 2022 06:41:39 GMT
server: cloudflare
etag: W/"623c12a3-58e"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CzY7eurqKQLPgT0HSszPLymQcfZAbDi7Z68rOr5nUQYzRG1Slq35lom2XhWgvNag%2FZtNzOtfak2XsMoQ1V06R9nUSNM%2BZhbT0dslryuUWgkpo4wSK2Vt2Uc%2F7vS8JGXJW4fTyFBcubqY3an7"}],"group":"cf-nel","max_age":604800}
x-varnish: 908260124 908289460
content-type: text/css
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=14400
cf-ray: 7e4cd6b91cc50a58-AMS
x-nyt-cache: hit cached

GET
H3 200 wp-emoji-release.min.js Show response
mn.nytcdn.com/wp-includes/js/ Frame 2C63 18 KB
5 KB 20ms
19ms Script
application/javascript 2a06:98c1:3120::3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://mn.nytcdn.com/wp-includes/js/wp-emoji-release.min.js?ver=6.2.2

Requested by

Host: www.nefisyemektarifleri.com
URL: https://www.nefisyemektarifleri.com/etsiz-nohut-yemegi-248941/

Protocol

Security

QUIC, , AES_128_GCM

Server

2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:07 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 2845
alt-svc: h3=":443"; ma=86400
x-xss-protection: 1; mode=block
last-modified: Thu, 18 May 2023 13:12:05 GMT
server: cloudflare
etag: W/"64662425-4904"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=36wEGPDyaeesW2XsXH8SHZgeSEw2vmmtBothWvylfxhBkwGSuCLBbBRYUwwKmTA39tJGy9G6EpSgq2BTghKew39nBBnF6gCPfBOdCBBnOaG5xa2Yg7vtg9OYLR97bE32H6CxMIqjz%2BZSIjlQ"}],"group":"cf-nel","max_age":604800}
x-varnish: 102177650 101907530
content-type: application/javascript
access-control-allow-origin: *
x-abc: s3
cache-control: max-age=14400
cf-ray: 7e4cd6b91ccc0a58-AMS
x-nyt-cache: hit cached

GET
H3 200 sodar Show response
pagead2.googlesyndication.com/getconfig/ Frame 2C63 15 KB
12 KB 529ms
529ms XHR
application/json 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/getconfig/sodar?sv=200&tid=gpt&tv=m202306290101&st=env

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

18270fef7c90bc4304f466af321fed4feb66d685c0e1a26f903dfedafd3efd3e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:07 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11846
x-xss-protection: 0

GET
H2 200 5e2588a46f82ad050a0139c8
ng2.virgul.com/tck/imp/ Frame 2C63 0
222 B 534ms
533ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5e2588a46f82ad050a0139c8?g=1&t=gb&r=153201@site_geneli@nefisyemektarifleri:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 00:13:07 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 8D9C 0
23 B 535ms
535ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=BJ1RmkZ6sZIeuMbuxx_AP0_iLiAsAAAAAOAHgBAI&bg=!dXaldiLNAAb90kgr3dI7ADkAdvg8WtC5AxkXnmjpguuJqmBVS4uImuctSxxRx6fclOqWmPY08z6jgoaQKKK4KEqFg5mZtTOgNz8CAAACbFIAAAAHaAEHmQMqsWW8zAeVqIepWIRezM2gYMdu-b0PyZfixoOBnQ8TUCu5llAlyjuC9Y59j0f0H565v2RXRIyZ0jlJP2i5Rarw9EAg5XNl2TNByi986DsolvwEUTK8PVqTazbPAvJNz6ss99uhloY9rG6LP2KbkR7OcA6sXHyLognd1MTDyNbKfrkCa5ZaE1EftPVItV3OklDQ6HouoLvP0jTSK7yoUwYSDDlz1VN0PT6eSb-UWr-Cslq0i_IHMNdofIOvc7L8KG89Y4vMVmqjP8lir13T6W9kBpsI8Z5MHQd51PuMtngwY819dh_vf2PJqFLZzZqfuD4M87CfoJFFhcoGDrgDLJYNMM71rIh8QuEQUl1nFh8jpUFE7ESXFga-hAHxuLw_6CP7nRwWBVz-6R8tsZMnciYMwu89BYRlxUVffZ4e_oxqP7t6UwcUcAa0MvRHhWgdtEYqO902Gtp-939LF46Jjsz7riFysKB09WHCkU3vwPXbtQCBsofuwMP8kmmUs6S5SJatAKlwwRRdaV1nWVyl69ez1WrpSrbzWn5VLllEHjI2H3Nwut-1WLchGEqUEpmR5wOW_BElucNDW47uT1gSCD8Yfi-i_nqh9FnqNZgCDxXID1Z6E9TYe02JHLB7VGcc-5ynV-Sdv4iiA7_T8kUCl6BsWcr1JXX30XH-vReKqyg1YyONzM0sbPaNHBVsphx4Syiv-582GwMZEJTEO9vxdD1Tc64W-aks8NeFKa-WwCEP7IAPxYk09-5Vu86Q3qIC7pu7iDQZV0879-ZiOhncGXo406EECaKAFMSipMNbqiRhBKpgsbdkQZK5hYxDsBYvGFFr_B8I7U7K-PvuhNApa2iFDi7_AmoRyOlC6D44F7wTg0-Ixnh1Cv_RaoYDQRLr1BWX_EfMI_TOSlMWcRX35XjMkHHC-YLXjUjYy6XqPBIIcj6bHKAxGr8VfSl-c02JqKYwL7i2pyeanX3WygfTaAD-pu-n0NMj0Q0uW53OrfKWavgC9Nfe-ItaWo09t8zQ8MnMvdHi1-3SzQd2D2JenOXVOi6BBPJdKPy9hOV9vigv-IgMpcxhgfoFu699

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 2C63 345 KB
119 KB 518ms
517ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbcb528af7c43cf9a3bad6ba2c2539e89722848b62ea05d11be29ea1949eafd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121723
x-xss-protection: 0
expires: Tue, 11 Jul 2023 00:13:07 GMT

GET
H2 200 NoktaPlayer.js Show response
c1.imgiz.com/player_others/html5/ Frame 2C63 398 KB
128 KB 542ms
541ms Script
application/javascript 185.7.176.222
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaNpmPlayerApi.js?dts=19549
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.222 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:07 GMT
content-encoding: gzip
last-modified: Mon, 29 May 2023 18:51:56 GMT
server: openresty/1.15.8.3
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=604800
expires: Tue, 18 Jul 2023 00:13:07 GMT

GET
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 4C45 0
23 B 529ms
529ms Image
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=sodar&v=30&t=2&bgai=B3rSJkZ6sZJ6LO7btx_APsraWsAwAAAAAOAHgBAI&bg=!UVKlUgbNAAb90kgr3dI7ADkAdvg8WoFfAtdoTis024p7zI_NkJYYeINylJH6f8IynwbWVL4Da4bube_jUAhDGJqoNfes41VicuECAAACUlIAAAAGaAEHmQM1PUP5cvo0H37LZPmYTLzEEe6QT3u5R5fJiiYtAtoR1xIlCOJUwwoA1umy9DYms9mb_imZKtFaUCgjR0uA7zYPtbVpcAwehh0enuiqQVpILkiKrited9ANppQTVuYzjkhQvHRUYygrxSbq12lhdUh3JS2xsJrMH2h3TxlOzcWTPzFg6aMuvStm_NFKdsU605uVt7bY_Vb5VEVB0qr2bWMYYPRJB9Eu1sEtSEOpeqzjSynaadOGA_T4VVwde9HdFC6SabNrPQxVI4ZpEbzfswyWSTTv1izWyMjJMcquPujGYDUyB9hkZjh_FBSi88NbPWaBBOMq7PmAk8OykvyHuZPghTYJrUrmqBYrfWjNyRScHaCFFuptZ6D5srIbsVc-CZ3WTENUdMA1S0TrGysxzFzPemHNVAoNd9DeFuuVfc_tarH1nLmFzOIdGN9gUHPYG-avL8DHzb-4PB-z0UoJt-H9aV1PpcGbdhqewuESMqN-fE6DHDvxIQt4UCEdeQSUjwyx0XNWO49f89hzonJKwMv0JP7opFyodzHOCqEjzhw0p99jVFgWEj0DMq-WTsBPxIyDwrusQxwFLbbAXjo6AH7JJP22k29K3Px2fbIYKb2Fl8x29XcQK62XlF42Yyrji6IR1YMVfeD-8wkT3FePGHv8GHpjwuqUbvDvebd-bK0bcS8GDy2xg1u8mBsudyvP8CKZw1R4_zaoIgxvNdwxsuv9CkU1ijXayp1qBWblv-5qVCcsRhV6x8MQqKZUcBxk-kNJC6ln4zXy3GZDRqdgq45ifKcPJQZkvEeeTXemw7VX_knCv6Uxh1Y6DMPwhUrhnCIGaRhB1PYnSMOY5Hn39_R4R1LZ8K2dVm7v0cdNK1QvfAEWTcYrq6IHWEiO_uhXTEpF0cdKp8o2d-WyB9CfTwFV5pBR4DXCx7XZ2KScSpVIfEhECA-qmTNWWQzlHygCXQO2EVvpqQ4pq5x3lk1Bn-OHw9c57laxpWa4pS41JRvW9RjT14Yv8yasn0oFwLqFBGUnDZrpF8kb8pF5ylpN2UeD53n6OZUUpGYAX8nqh298U0Npu8ju7UJf4Ow0oSyARGiIkZtONCk

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame D729 0
17 B 567ms
567ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=osv&dmc=8&puid=4~ljxjgp69&c=4648884758039&slotId=2324442379019.5&qqid=CLeFp7SvhYADFUVw4AodxPsF9w&fb=outstream-lima&gpm_i=9&gpm_c=9&gpm_a=9&smb=1000&br=988&mt=video%2Fmp4&vs=640x360&msm=1&aits=0%2C18%2C22%2C37%2C692%2C59%2C342%2C343%2C344%2C345%2C346%2C347&webm=0&vp9=0&vamt=video%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4%2Cvideo%2Fmp4&hvmf=false&vms=1&bit=343&vsrc=web_video_ads&hcn=0&met.4=arp_a_e.rw&ape=1&ple=1&umsem=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/formats/outstream/versioned/prod2/outstream_web_client_20230516_RC00/outstream.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:07 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 5e2588ae6f82ad050a013a58
ng.virgul.com/tck/i_vb2/ Frame 2C63 0
222 B 323ms
322ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng.virgul.com/tck/i_vb2/5e2588ae6f82ad050a013a58?l=&r=153184@site_geneli@nefisyemektarifleri:site_geneli&cs=1689034387626&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 00:13:07 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame 72A3 42 B
64 B 84ms
83ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjss0LUroOuyBvNOE-gnh2WH5Ufq2wzZaS-NuILwjOXBfjqOitsG3cNuWF1iKJ-5tO4Br8KQRrRotolZv7-S8bJwv9Mp4FYz6&sig=Cg0ArKJSzKNdqsZIdL46EAE&id=lidar2&mcvt=1000&p=0,0,250,300&mtos=1000,1000,1000,1000,1000&tos=1000,0,0,0,0&v=20230705&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=33&adk=0&rs=6&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689034385254&rpt=1594&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://ad.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activeview Show response
pagead2.googlesyndication.com/pcs/ Frame B9FF 42 B
64 B 91ms
90ms Fetch
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pcs/activeview?xai=AKAOjsuvpzy_dQVwuYqrvW7CZ816suNzKIZLdyBh1BiKQTORcVpwban7whwmgeVERHtCkd5oV71WJAsFgqiQEEhrN76rnJxB-ACiJ6xRi11qVF2MDeytrhfclSjLTUNWdNe9C_HNRIO-ySaIYc43&sai=AMfl-YT5dwq7AARQen9X9azHiVkOy_Uzf4wOjcUPHbglLhZYuKt8q6dmKRgVCEFhTEQiYKvCJFPAnGAMWsIPYRxMO1w7Ki10JLukIhOsFs3NkTG0eXxZqOBiKx2pFTU&sig=Cg0ArKJSzKbeYTHPt6-iEAE&cid=CAQSOwBpAlJWy4a9W95Wdgl1Wngo5B91E5Aqb2JcyOF4lOrEhjkl41ZbXNCtWFTvL3Qt2PI27xoYC2__quoDGAE&id=lidar2&mcvt=1003&p=0,0,600,160&mtos=1003,1003,1003,1003,1003&tos=1003,0,0,0,0&v=20230705&bin=7&avms=nio&bs=0,0&mc=1&if=1&vu=1&app=0&itpl=20&adk=4169634498&rs=4&la=0&cr=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ%3D%3D&vs=4&r=v&rst=1689034385625&rpt=1183&met=ie&wmsd=0&pbe=0&vae=0&spb=0&ffslot=0&reach=0&io2=0

Requested by

Host: www.googletagservices.com
URL: https://www.googletagservices.com/activeview/js/current/rx_lidar.js?cache=r20110914

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 sodar2.js Show response
tpc.googlesyndication.com/sodar/ Frame 2C63 17 KB
6 KB 41ms
39ms Script
text/javascript 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2.js

Requested by

Host: securepubads.g.doubleclick.net
URL: https://securepubads.g.doubleclick.net/pagead/managed/js/gpt/m202306290101/pubads_impl.js?cb=31075835

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 6386
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
etag: "1637097310169751"
vary: Accept-Encoding
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
content-type: text/javascript
cache-control: private, max-age=3000
accept-ranges: bytes
expires: Tue, 11 Jul 2023 00:13:07 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame C9C8 0
23 B 50ms
48ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=556261232221&version=m202301230201&ct=76&x=1&cor=16072255406061898000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:07 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame B9FF 0
24 B 48ms
48ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=dv3-render&msg=tler&ord=2533640358737&version=m202301230201&ct=76&x=1&cor=4809427012711553000

Requested by

Host: pagead2.googlesyndication.com
URL: https://pagead2.googlesyndication.com/pagead/js/dv3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:08 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 count
logger.virgul.com/ Frame 2C63 0
116 B 48ms
45ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=initBufferFull&g=h&r=npm_nefisyemektarifleri:n:10710800&o=&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 00:13:08 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ Frame 2C63 0
116 B 47ms
46ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=start&g=m&r=npm_nefisyemektarifleri:n:13::10710800&o=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18:185:1600-1700::&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 00:13:08 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ Frame 2C63 0
116 B 47ms
47ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adRequest&g=m&r=npm_nefisyemektarifleri:preroll&o=&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 00:13:08 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2C63 107 B
122 B 23ms
23ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nefisyemektarifleri.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
DATA 200
OK truncated
/ Frame 2C63 985 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6efe7e4964448fbdd5349e5116703648d6692fc191736eb19b62515e21a7a3d2

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Type: image/png

GET
H3 200 runner.html Show response
tpc.googlesyndication.com/sodar/sodar2/225/ Frame A602 13 KB
5 KB 15ms
13ms Document
text/html 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 27890
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 5046
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="adspam-signals-scs"
cross-origin-resource-policy: cross-origin
date: Mon, 10 Jul 2023 16:28:18 GMT
expires: Tue, 09 Jul 2024 16:28:18 GMT
last-modified: Mon, 21 Jun 2021 20:47:05 GMT
report-to: {"group":"adspam-signals-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/adspam-signals-scs"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 aframe Show response
www.google.com/recaptcha/api2/ Frame 7967 783 B
536 B 26ms
26ms Document
text/html 2a00:1450:4001:831::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/aframe

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

be569a7f67c977b3d90fab2e487636bba4477593e8bc549d8e0543f55fc82905

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PUkAk_6oZExH6febDY7NHw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=300
content-encoding: gzip
content-length: 514
content-security-policy: script-src 'report-sample' 'nonce-PUkAk_6oZExH6febDY7NHw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 11 Jul 2023 00:13:08 GMT
expires: Tue, 11 Jul 2023 00:13:08 GMT
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0A43 156 B
676 B 344ms
266ms XHR
text/xml 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21728129623%2C21696649314%2Fweb_nyt_preroll_FP3&description_url=http%3A%2F%2Fnefisyemektarifleri.com&env=vp&correlator=2101488274761302&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=640x360&unviewed_position_start=1&ad_type=audio_video&ppid=vnet3deeeafc679b4ae2be3795d7d8342e18&cust_params=site%3Dnefisyemektarifleri%26env%3Dweb%26mt%3D1689034384322%26r%3D153182%40site_geneli%40nefisyemektarifleri%3Asite_geneli%26info%3D%26policy%3D0%26targetCtr%3D0%26viewable%3D2%26site%3Dnefisyemektarifleri%26plm%3Dnull%26pid%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%2Ckarabiber%2Ckuru%20so%C4%9Fan%2Cnohut%2Cpul%20biber%2Cs%C4%B1v%C4%B1%20ya%C4%9F%2Csivri%20biber%2Csu%2Ctuz%26nyt_cat%3Dpost%26hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&sdkv=h.3.580.0&osd=2&frm=2&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70%2C728x90&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&u_so=l&ctv=0&sdki=445&ptt=20&adk=3738265048&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.580.0&sid=47C08D31-D38A-47C2-AAA9-5602A67CA954&nel=0&eid=44752711%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991%2C44788275&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&dlt=1689034383875&idt=2080&dt=1689034388039&scor=2058419072659665&ged=ve4_td4_er551.315.704.615_vi0.0.1200.1600_vp100_eb24416

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:08 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js Show response
pagead2.googlesyndication.com/bg/ Frame A602 38 KB
14 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/bg/AOiihYbjk7GyPSPexE3PorOKRXoofTPF8NjvkAglc4c.js

Requested by

Host: tpc.googlesyndication.com
URL: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Wed, 05 Jul 2023 10:17:57 GMT
content-encoding: br
x-content-type-options: nosniff
age: 482111
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 14768
x-xss-protection: 0
last-modified: Mon, 26 Jun 2023 15:28:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="botguard-scs"
vary: Accept-Encoding
report-to: {"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Thu, 04 Jul 2024 10:17:57 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 7967 0
0 48ms
48ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&li=gpt_m202306290101&jk=2446746173552980&rc=
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H3 204 generate_204
tpc.googlesyndication.com/ Frame A602 0
11 B 13ms
13ms Image
text/plain 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tpc.googlesyndication.com/generate_204?Jv_ZnA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://tpc.googlesyndication.com/sodar/sodar2/225/runner.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:08 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 5e2588ae6f82ad050a013a52
ng2.virgul.com/tck/imp/ Frame 2C63 0
222 B 46ms
46ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5e2588ae6f82ad050a013a52?g=1&t=gb&r=153187@site_geneli@nefisyemektarifleri:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 00:13:08 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H3 204 csi
csi.gstatic.com/ Frame 0A43 0
17 B 122ms
121ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=1~ljxjgp2k&c=985379360434&slotId=492689680217&eee=missing-element&bi=missing-id&vast_v=4.0&lima_p_ich=0&lima_p_icu=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:08 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 count
logger.virgul.com/ Frame 2C63 0
116 B 46ms
45ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adError&g=m&r=npm_nefisyemektarifleri:preroll:1009:&o=&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 00:13:08 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ Frame 2C63 0
116 B 46ms
46ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adRequest&g=m&r=npm_nefisyemektarifleri:preroll&o=&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 00:13:08 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2C63 107 B
122 B 22ms
22ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nefisyemektarifleri.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H2 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0A43 156 B
186 B 245ms
244ms XHR
text/xml 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21728129623%2C21696649314%2Fweb_nyt_preroll_FP2&description_url=http%3A%2F%2Fnefisyemektarifleri.com&env=vp&correlator=2101488274761302&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=640x360&unviewed_position_start=1&ad_type=audio_video&ppid=vnet3deeeafc679b4ae2be3795d7d8342e18&cust_params=site%3Dnefisyemektarifleri%26env%3Dweb%26mt%3D1689034384322%26r%3D153182%40site_geneli%40nefisyemektarifleri%3Asite_geneli%26info%3D%26policy%3D0%26targetCtr%3D0%26viewable%3D2%26site%3Dnefisyemektarifleri%26plm%3Dnull%26pid%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%2Ckarabiber%2Ckuru%20so%C4%9Fan%2Cnohut%2Cpul%20biber%2Cs%C4%B1v%C4%B1%20ya%C4%9F%2Csivri%20biber%2Csu%2Ctuz%26nyt_cat%3Dpost%26hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&sdkv=h.3.580.0&osd=2&frm=2&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70%2C728x90&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&u_so=l&ctv=0&sdki=445&ptt=20&adk=3738265048&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.580.0&sid=47C08D31-D38A-47C2-AAA9-5602A67CA954&nel=0&eid=44752711%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991%2C44788275&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&dlt=1689034383875&idt=2080&dt=1689034388401&scor=2058419072659665&ged=ve4_td4_er551.315.704.615_vi0.0.1200.1600_vp100_ts0_eb24416

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:08 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 204 csi
csi.gstatic.com/ Frame 0A43 0
17 B 122ms
121ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=2~ljxjgqzr&c=985379360434&slotId=492689680217&ghmsh_eids=44752711%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991%2C44788275
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:08 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 count
logger.virgul.com/ Frame 2C63 0
116 B 47ms
46ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adError&g=m&r=npm_nefisyemektarifleri:preroll:1009:&o=&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 00:13:08 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ Frame 2C63 0
116 B 46ms
46ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adRequest&g=m&r=npm_nefisyemektarifleri:preroll&o=&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 00:13:08 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2C63 107 B
122 B 22ms
22ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nefisyemektarifleri.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0A43 156 B
143 B 338ms
337ms XHR
text/xml 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21728129623%2C21696649314%2Fweb_nyt_preroll_FP1&description_url=http%3A%2F%2Fnefisyemektarifleri.com&env=vp&correlator=2101488274761302&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=640x360&unviewed_position_start=1&ad_type=audio_video&ppid=vnet3deeeafc679b4ae2be3795d7d8342e18&cust_params=site%3Dnefisyemektarifleri%26env%3Dweb%26mt%3D1689034384322%26r%3D153182%40site_geneli%40nefisyemektarifleri%3Asite_geneli%26info%3D%26policy%3D0%26targetCtr%3D0%26viewable%3D2%26site%3Dnefisyemektarifleri%26plm%3Dnull%26pid%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%2Ckarabiber%2Ckuru%20so%C4%9Fan%2Cnohut%2Cpul%20biber%2Cs%C4%B1v%C4%B1%20ya%C4%9F%2Csivri%20biber%2Csu%2Ctuz%26nyt_cat%3Dpost%26hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&sdkv=h.3.580.0&osd=2&frm=2&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70%2C728x90&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&u_so=l&ctv=0&sdki=445&ptt=20&adk=3738265048&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.580.0&sid=47C08D31-D38A-47C2-AAA9-5602A67CA954&nel=0&eid=44752711%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991%2C44788275&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&dlt=1689034383875&idt=2080&dt=1689034388665&scor=2058419072659665&ged=ve4_td5_er551.315.704.615_vi0.0.1200.1600_vp100_ts1_eb24416

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:08 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113
x-xss-protection: 0
google-lineitem-id: -2
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: -2
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 204 sodar
pagead2.googlesyndication.com/pagead/ Frame 2C63 0
0 52ms
51ms Image
text/html 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pagead2.googlesyndication.com/pagead/sodar?id=sodar2&v=225&t=2&li=gpt_m202306290101&jk=2446746173552980&bg=!z8ylzJjNAAb90kgr3dI7ADkAdvg8WofPHTp1KCRNmprn_Lr1A1ZVhuLXed4TiBsH8pH5Kj2sdZsdvHM02jEiViU2NbDROQYjBoECAAAAfFIAAAAHaAEHmQLUurw8qgPSB0ZzBLteVWVgXb5DDd9UHVHK8AoWLSzZh-XbSjEED4l0_WaFDu-jqoBgHflBzO2_QgewiuDWB93iVtkG0Ek1BNXdj2BN56hRbFw-sizBt0EkIu4nUSLxspTHSvjZv5pRvLT4n-ecHlkYIpJHuei0b6-VAorEZaeFs8OP3_-KBm_a3ualm1QaP58EGbVB5NsFjg7Wn2ZbKVembjgpSDp54RPSy_Od0o9GlLSabBXLm8TPCqvAgdltdLDckIdkoqnDoPndTunhdb1Qc0ciJIFBa_rIVRHFs75lNErmMNiPdEUW89Ao1c7eXzjdqtR95yzPNaSkDX89N4b-lj_xamWhyLcHKmqR3S_PAbIR26IVVlChmnLc62y9p3myGFAanbMTs3_23RO60g76n9b4tRc6ePAmKFNbQdy1DFpf83lHZOuZoRN3qNHotoddOuec_RqOBTGl28BUKOSU5QPUHltibfdZ7sywwzlRHzZRnT75XkOnlU8EMpu1msOrOCv2wORraGOkrUMU2D8qzXrQtwomQlXiKf3g0SDzdkEnnCxwfdiNY-qsSThHi2H8wmkOzb3r3NsjJ4rK6gEn3-kZI_Q2Gcwa19focy4csKL5_aru8KUVxocwY6nYDw_jTsKBiSMhZkMmJupXFAyD0rzxKEc1ocS3-0bMPdIRX6w5t0C1X_oXQnHWcguOgVVcqxn5Flj2BaSvM4QGYUHoWf25xYRA8CmbNOT6sBYZq_cvsBp8B1CdxcU9MH2mHYd312g-hv46ZQktBFgylnOD3ZzjTCVSLv4IO3tHeeXyZSKugLiU2DUB5MjeKV_05dYClSTOJRADXI9ohwxHzkYrIZlm36CP3tGo9FfhrTNlceM8e0RtCCz40BQwPKzzLqbKaRTv5nBs_YOPqF75DJp8gyU6GmaAKn2A2FrZMQiNmCiPl5W64NhkTnEVAEBPLmFCnQr4XA
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

GET
H/1.1

200
OK

firstevent
samsungturkey.demdex.net/ Frame 2C63
Redirect Chain

https://samsungturkey.demdex.net/event?c_source=desktop&c_url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&c_site=nefisyemektarifleri&c_title=Etsiz%20Nohut%20Yeme%C4%9Fi...
https://samsungturkey.demdex.net/firstevent?c_source=desktop&c_url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&c_site=nefisyemektarifleri&c_title=Etsiz%20Nohut%20Yeme%C...

42 B
962 B

38ms
38ms

Image
image/gif

52.208.175.244

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://samsungturkey.demdex.net/firstevent?c_source=desktop&c_url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&c_site=nefisyemektarifleri&c_title=Etsiz%20Nohut%20Yeme%C4%9Fi%20-%20Nefis%20Yemek%20Tarifleri%20-%20%23248941&c_category=kategori&c_subcategory=&c_day=tuesday&c_time=midnight

Protocol

HTTP/1.1

Server

52.208.175.244 -, , ASN (),

Reverse DNS

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v050-056c40efe.edge-irl1.demdex.com 4 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Vg+x3Ov7R2M=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-2-v050-078f26fe1.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: orWZt69OSgM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://samsungturkey.demdex.net/firstevent?c_source=desktop&c_url=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&c_site=nefisyemektarifleri&c_title=Etsiz%20Nohut%20Yeme%C4%9Fi%20-%20Nefis%20Yemek%20Tarifleri%20-%20%23248941&c_category=kategori&c_subcategory=&c_day=tuesday&c_time=midnight
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H/1.1

200
OK

firstevent
unilever.demdex.net/ Frame 2C63
Redirect Chain

https://unilever.demdex.net/event?d_sid=25454185&cs=1689034388950
https://unilever.demdex.net/firstevent?d_sid=25454185&cs=1689034388950

42 B
952 B

39ms
39ms

Image
image/gif

52.48.127.113

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://unilever.demdex.net/firstevent?d_sid=25454185&cs=1689034388950

Protocol

HTTP/1.1

Server

52.48.127.113 -, , ASN (),

Reverse DNS

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

DCS: dcs-prod-irl1-2-v050-0e4ebe0ec.edge-irl1.demdex.com 6 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: Cc+aAJF7RWQ=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-irl1-1-v050-093c44046.edge-irl1.demdex.com 0 ms
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: KzZ7ZhDYSyM=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://unilever.demdex.net/firstevent?d_sid=25454185&cs=1689034388950
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 5e2588ae6f82ad050a013a58
ng2.virgul.com/tck/imp/ Frame 2C63 0
222 B 46ms
46ms Image
text/plain 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ng2.virgul.com/tck/imp/5e2588ae6f82ad050a013a58?g=1&t=gb&r=153184@site_geneli@nefisyemektarifleri:site_geneli&l=&c=%2Cas%2Crc0%2Chf1%2Cvv1%2Cgpnyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates+sal%C3%A7as%C4%B1%40karabiber%40kuru+so%C4%9Fan%40nohut%40pul+biber%40s%C4%B1v%C4%B1+ya%C4%9F%40sivri+biber%40su%40tuz%26nyt_cat%3Dpost&info=&mt=1689034384322&userId=vnet3deeeafc-679b-4ae2-be37-95d7d8342e18
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: https://www.nefisyemektarifleri.com
date: Tue, 11 Jul 2023 00:13:09 GMT
access-control-allow-credentials: true
expires: Tue, 04 Jan 2022 10:49:40 GMT
server: openresty/1.15.8.3
content-length: 0
p3p: CP='IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT'

POST
H2 200 count
logger.virgul.com/ Frame 2C63 0
116 B 47ms
45ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adError&g=m&r=npm_nefisyemektarifleri:preroll:1009:&o=&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 00:13:09 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

POST
H2 200 count
logger.virgul.com/ Frame 2C63 0
116 B 47ms
46ms Ping
image/jpeg 185.7.176.221
SH

General

Check archive.org

Show headers Download Go to

Full URL: https://logger.virgul.com/count?m=adRequest&g=m&r=npm_nefisyemektarifleri:preroll&o=&iv=&wVID=&info=10710800@117240@117240@13:30@@&os=windows&dt=desktop
Requested by: Host: c1.imgiz.com
URL: https://c1.imgiz.com/player_others/html5/NoktaPlayer.js?d=7/11/2023
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 185.7.176.221 , Turkey, ASN42910 (PREMIERDC-VERI-MERKEZI-ANONIM-SIRKETI PREMIERDC - SH, TR),
Reverse DNS
Software: openresty/1.15.8.3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 11 Jul 2023 00:13:09 GMT
server: openresty/1.15.8.3
content-length: 0
access-control-allow-methods: GET, POST
content-type: image/jpeg

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2C63 107 B
122 B 23ms
22ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nefisyemektarifleri.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET
H3 200 ads Show response
pubads.g.doubleclick.net/gampad/ Frame 0A43 25 KB
4 KB 222ms
222ms XHR
text/xml 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21728129623%2C21696649314%2Fweb_nyt_preroll&description_url=http%3A%2F%2Fnefisyemektarifleri.com&env=vp&correlator=2101488274761302&tfcd=0&npa=0&gdfp_req=1&output=xml_vast4&sz=640x360&unviewed_position_start=1&ad_type=audio_video&ppid=vnet3deeeafc679b4ae2be3795d7d8342e18&cust_params=site%3Dnefisyemektarifleri%26env%3Dweb%26mt%3D1689034384322%26r%3D153182%40site_geneli%40nefisyemektarifleri%3Asite_geneli%26info%3D%26policy%3D0%26targetCtr%3D0%26viewable%3D2%26site%3Dnefisyemektarifleri%26plm%3Dnull%26pid%3Dvnet3deeeafc-679b-4ae2-be37-95d7d8342e18%26targetCr%3D0%26Mobile%3Dfalse%26env%3Dweb%26webmAd%3D1%26overlay%3D1%26rc%3D0%26datasave%3D0%26nyt%3D1%26video%3D1%26rec%3Dbakliyat-yemekleri%26rec_ing%3Ddomates%20sal%C3%A7as%C4%B1%2Ckarabiber%2Ckuru%20so%C4%9Fan%2Cnohut%2Cpul%20biber%2Cs%C4%B1v%C4%B1%20ya%C4%9F%2Csivri%20biber%2Csu%2Ctuz%26nyt_cat%3Dpost%26hb_uuid%3Dundefined%26hb_cache_id%3Dundefined&sdkv=h.3.580.0&osd=2&frm=2&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70%2C728x90&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&u_so=l&ctv=0&sdki=445&ptt=20&adk=3738265048&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.580.0&sid=47C08D31-D38A-47C2-AAA9-5602A67CA954&nel=0&eid=44752711%2C44765701%2C44772139%2C44777649%2C44781409%2C44781753%2C44782991%2C44788275&ref=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&dlt=1689034383875&idt=2080&dt=1689034389152&scor=2058419072659665&ged=ve4_td5_er551.315.704.615_vi0.0.1200.1600_vp100_ts0_eb24416

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

cb89ae83735dc28123b92aa15b9760bb47cf6c25dda8800edbb57ed4166a5ad8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:09 GMT
content-encoding: br
x-content-type-options: nosniff
observe-browsing-topics: ?1
google-mediationgroup-id: -2
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3935
x-xss-protection: 0
google-lineitem-id: 6262817479
pragma: no-cache
server: cafe
google-mediationtag-id: -2
google-creative-id: 138427958564
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
cache-control: no-cache, must-revalidate
access-control-allow-credentials: true
timing-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
adx.adform.net/adx/ Frame 0A43 1 KB
1 KB 304ms
141ms XHR
text/xml 37.157.6.233

General

Check archive.org

Show headers Download Go to

Full URL

https://adx.adform.net/adx/?mid=758148&t=2&cs=275079218

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

37.157.6.233 -, , ASN (),

Reverse DNS

Software

nginx /

Resource Hash

a2c1f77fb70c45010238d697657e44d0f6e05be2d69837ce94cf97bc7a74497b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
p3p: CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
pragma: no-cache
server: nginx
accept-ch: Sec-CH-UA,Sec-CH-UA-Arch,Sec-CH-UA-Bitness,Sec-CH-UA-Full-Version-List,Sec-CH-UA-Mobile,Sec-CH-UA-Model,Sec-CH-UA-Platform,Sec-CH-UA-Platform-Version
vary: Accept-Encoding
access-control-allow-methods: GET,OPTIONS
content-type: text/xml
access-control-allow-origin: https://imasdk.googleapis.com
access-control-max-age: 86400
access-control-allow-credentials: true
cache-control: no-cache, no-store, must-revalidate, no-transform
access-control-allow-headers: Content-Type,Cache-Control,Accept-Encoding,X-Requested-With
expires: -1

POST
H3 204 csi
csi.gstatic.com/ Frame 0A43 0
17 B 123ms
123ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=3~ljxjgr6x&c=985379360434&slotId=492689680217&vast_v=3.0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:09 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ima3vpaid Show response
tpc.googlesyndication.com/ Frame 0A43 843 B
508 B 213ms
213ms XHR
text/xml 2a00:1450:4001:813::2001
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://tpc.googlesyndication.com/ima3vpaid?vad_format=linear&correlator=&adtagurl=https%3A%2F%2Fpubads.g.doubleclick.net%2Fgampad%2Fads%3Fiu%3D%2F21728129623%2Fnyt_fallback_preroll%26description_url%3Dhttps%253A%252F%252Fwww.nefisyemektarifleri.com%26tfcd%3D0%26npa%3D0%26sz%3D640x360%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dvp%26vpos%3Dpreroll%26vpmute%3D0%26vpa%3D1%26type%3Djs

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:813::2001 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

177ba08250ef673c6f08b9a8f8b4ed99b7b874ca8a7d19251eb9aa363abdfa1d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:09 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/xml; charset=UTF-8
access-control-allow-origin: https://imasdk.googleapis.com
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 482
x-xss-protection: 0

POST
H3 204 csi
csi.gstatic.com/ Frame 0A43 0
17 B 134ms
133ms Ping
image/gif 2607:f8b0:4023::78
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://csi.gstatic.com/csi?v=2&s=ima&dmc=8&puid=4~ljxjgs02&c=985379360434&slotId=492689680217&vast_v=2.0&vmfc=1&vhc=0
Requested by: Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4023::78 Clarksville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:09 GMT
last-modified: Wed, 21 Jan 2004 19:51:30 GMT
server: Golfe2
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
pubads.g.doubleclick.net/pagead/interaction/ Frame 0A43 42 B
64 B 98ms
97ms Image
image/gif 2a00:1450:4001:829::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pubads.g.doubleclick.net/pagead/interaction/?ai=BXZQplZ6sZMCdC-yk9u8Ps-SF8A2t2Pi1RgAAABABIN-38Gk4AVikiszXgwRglYKAgLAHsgEccGNsb2FrLmJsb2IuY29yZS53aW5kb3dzLm5ldLoBCzY0MHgzNjBfeG1syAEF2gElaHR0cHM6Ly9wY2xvYWsuYmxvYi5jb3JlLndpbmRvd3MubmV0L8ACAuACAOoCHC8yMTcyODEyOTYyMy93ZWJfbnl0X3ByZXJvbGz4AoHSHpADyAaYA8AHqAMB0ASQTuAEAdIFBhDHhayqF5AGAaAGJKgHmgaoB_PRG6gHltgbqAeqm7ECqAeDrbECqAf_nrECqAffn7EC2AcA4AcB0ggWCIDhgBAQARgdMgKqAjoCgEBIvf3BOtgIAoAKBZgLAYAMAdAVAfgWAYAXAQ&sigh=_NQU_dcb9LI&label=video_ad_loaded&sdkv=h.3.580.0&vci=[CREATIVE_PLAYBACK]

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:09 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 view
securepubads.g.doubleclick.net/pcs/ Frame 0A43 0
26 B 89ms
89ms Image
image/gif 2a00:1450:4001:802::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://securepubads.g.doubleclick.net/pcs/view?xai=AKAOjsso_FqffmJBAGbf5BzaPzSuli25izdDHOoSbwgjqiNkNYgbSxqzjNxcwDxeowlChz5cf10puyncDt4FUeTO0tRllgChe8AlxZhCurw2TosiYpDzczF2Lq7_6gDzxHWfDoMsVVD-VkWhYaima_MGncFy_MuhGgSwn2xxO4qHGGp-n_ir9BJ9OPXg1WE2Jqpe0kBOcESFMS09l_J1kUge3KVns7d9rMgGHDsWG1rZeT-efQpwjSVgKasmhWAbDUvsnHqVTZqi0NGIbNJU-_XjGrruOe2CEQ8p_s0rZVVtRUedKAQEvvAd88dx_ywQuA0lL-tCl6xBQDTpUDVRr1-qF6Plt07ZVY4_2qsPIppx&sai=AMfl-YQYm1nFCdjm5XBB51yw79yudFgyNQJNMYOUEMS4nhsAL5C8pDFRkWjp9ZHcK_V4gM70TcDJaTMt-7TaIFUHh5_ofeo0lCQgcAaOnMA1uJdTmfq9_3Y56igWawc-zA&sig=Cg0ArKJSzL5AnPEWHbkOEAE&uach_m=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&sdkv=h.3.580.0&vci=CkEIAhIYcHViYWRzLmcuZG91YmxlY2xpY2submV0GgRHREZQIAQqCjYyNjI4MTc0NzkyDDEzODQyNzk1ODU2NEDkAQpBCAISDmFkeC5hZGZvcm0ubmV0GgZBZGZvcm0gAyogMjlmODIwOGI0ODYyNGE4MTg3MDcwZjNhMWJlMTk4YzJAswIKUggBEhl0cGMuZ29vZ2xlc3luZGljYXRpb24uY29tGglWUEFJRElNQTMgAioESU1BM0DXAVIdJQAA8EEoAToHdW5rbm93bkIHdW5rbm93blAAYAEYAQ..&adurl=

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://imasdk.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:09 GMT
x-content-type-options: nosniff
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: cafe
content-type: image/gif
access-control-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: private
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0

GET
H3 200 loader.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 2185 54 KB
19 KB 13ms
13ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/loader.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

301be161c64c9ad9f2cf1f1fab77f831fcabefb00fd3cc9a0b1e68a0c77ab625

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:05:19 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 470
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19742
x-xss-protection: 0
last-modified: Mon, 10 Jul 2023 15:44:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=900
accept-ranges: bytes
expires: Tue, 11 Jul 2023 00:20:19 GMT

GET
H3 200 vpaid_adapter.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 2185 44 KB
16 KB 24ms
24ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js?adtagurl=https://pubads.g.doubleclick.net/gampad/ads%3Fiu%3D/21728129623/nyt_fallback_preroll%26description_url%3Dhttps%253A%252F%252Fwww.nefisyemektarifleri.com%26tfcd%3D0%26npa%3D0%26sz%3D640x360%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dvp%26vpos%3Dpreroll%26vpmute%3D0%26vpa%3D1%26type%3Djs%26channel%3Dvastadp

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b26bafe1d1062eeb211fcabfab568d9b37a7224e043dab8b75c72f49abb713fa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16135
x-xss-protection: 0
last-modified: Mon, 10 Jul 2023 15:44:47 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: public, max-age=900
accept-ranges: bytes
expires: Tue, 11 Jul 2023 00:28:10 GMT

GET
H3 200 ima3.js Show response
imasdk.googleapis.com/js/sdkloader/ Frame 2185 345 KB
119 KB 24ms
23ms Script
text/javascript 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/sdkloader/ima3.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/vpaid_adapter.js?adtagurl=https://pubads.g.doubleclick.net/gampad/ads%3Fiu%3D/21728129623/nyt_fallback_preroll%26description_url%3Dhttps%253A%252F%252Fwww.nefisyemektarifleri.com%26tfcd%3D0%26npa%3D0%26sz%3D640x360%26gdfp_req%3D1%26output%3Dvast%26unviewed_position_start%3D1%26env%3Dvp%26vpos%3Dpreroll%26vpmute%3D0%26vpa%3D1%26type%3Djs%26channel%3Dvastadp

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cbcb528af7c43cf9a3bad6ba2c2539e89722848b62ea05d11be29ea1949eafd5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
content-type: text/javascript
cache-control: private, max-age=900, stale-while-revalidate=3600
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 121723
x-xss-protection: 0
expires: Tue, 11 Jul 2023 00:13:10 GMT

POST
H3 204 gen_204
pagead2.googlesyndication.com/pagead/ Frame 2185 0
25 B 49ms
48ms Ping
image/gif 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/pagead/gen_204?id=vpaid_adapter_js&event=init-dv3&vps=0.13939000769997056&wt=1689034390174&sdkv=h.3.580.0&xai=undefined&url=2,https%3A%2F%2Fpcloak.blob.core.windows.net%2F$0

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 11 Jul 2023 00:13:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bridge3.580.0_en.html Show response
imasdk.googleapis.com/js/core/ Frame 7DE5 713 KB
228 KB 18ms
15ms Document
text/html 2a00:1450:4001:831::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://imasdk.googleapis.com/js/core/bridge3.580.0_en.html

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

79c277fbe5ccce5c88a681d39733fba8d6c31f1812f8952ec3a5e35b2b0beab4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.nefisyemektarifleri.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
age: 262676
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: gzip
content-length: 233312
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="ads-doubleclick-instream-static"
cross-origin-resource-policy: cross-origin
date: Fri, 07 Jul 2023 23:15:14 GMT
expires: Sat, 06 Jul 2024 23:15:14 GMT
last-modified: Fri, 07 Jul 2023 23:05:23 GMT
report-to: {"group":"ads-doubleclick-instream-static","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-instream-static"}]}
server: sffe
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 client.js Show response
s0.2mdn.net/instream/video/ Frame 2185 44 KB
16 KB 23ms
22ms Script
text/javascript 2a00:1450:4001:812::2006
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s0.2mdn.net/instream/video/client.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:812::2006 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: sffe
vary: Accept-Encoding
report-to: {"group":"ads-doubleclick-media","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/ads-doubleclick-media"}]}
content-type: text/javascript
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 16746
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="ads-doubleclick-media"
expires: Tue, 11 Jul 2023 00:13:10 GMT

GET
H3 200 omweb-v1.js Show response
pagead2.googlesyndication.com/omsdk/releases/live/ Frame F19A 39 KB
13 KB 15ms
14ms Script
text/javascript 2a00:1450:4001:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pagead2.googlesyndication.com/omsdk/releases/live/omweb-v1.js

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:80f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3ea555c1e979c28e1d20d729c64ff36b267b83dcabdefe96460d9ae860e4082f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Mon, 10 Jul 2023 23:57:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 917
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/omsdk-team-release-policy
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 13681
x-xss-protection: 0
last-modified: Wed, 05 Jul 2023 22:37:09 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="omsdk-team-release-policy"
vary: Accept-Encoding
report-to: {"group":"omsdk-team-release-policy","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/omsdk-team-release-policy"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
expires: Tue, 11 Jul 2023 00:57:53 GMT

GET
H3 200 integrator.js Show response
adservice.google.com/adsid/ Frame 2185 107 B
122 B 22ms
22ms Script
application/javascript 2a00:1450:4001:827::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/adsid/integrator.js?domain=www.nefisyemektarifleri.com

Requested by

Host: imasdk.googleapis.com
URL: https://imasdk.googleapis.com/js/sdkloader/ima3.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:827::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.nefisyemektarifleri.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date: Tue, 11 Jul 2023 00:13:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
content-type: application/javascript; charset=UTF-8
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657 for more info."
cache-control: private, no-cache, no-store
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 100
x-xss-protection: 0

GET ads
pubads.g.doubleclick.net/gampad/ Frame 7DE5 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: pubads.g.doubleclick.net
URL: https://pubads.g.doubleclick.net/gampad/ads?iu=%2F21728129623%2Fnyt_fallback_preroll&description_url=https%3A%2F%2Fwww.nefisyemektarifleri.com&tfcd=0&npa=0&sz=640x360&gdfp_req=1&output=xml_vast4&unviewed_position_start=1&env=vp&vpos=preroll&vpmute=0&vpa=1&type=js&channel=vastadp%2Bvpaidadp_html5&sdkv=h.3.580.0%2Fvpaid_adapter&osd=2&frm=2&vis=1&sdr=1&hl=en&afvsz=200x200%2C250x250%2C300x250%2C336x280%2C450x50%2C468x60%2C480x70%2C728x90&is_amp=0&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&u_so=l&ctv=0&sdki=445&ptt=20&adk=3137413236&sdk_apis=2%2C7%2C8&omid_p=Google1%2Fh.3.580.0&sid=A4BA32A7-ABE2-4731-AD88-DA41927D7E5F&nel=0&eid=44765701%2C44772139%2C44775192%2C44777649%2C44781409%2C44781753%2C44782991%2C44788275&ref=https%3A%2F%2Fwww.nefisyemektarifleri.com%2Fetsiz-nohut-yemegi-248941%2F&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&dt=1689034390524&correlator=2145022449457924&scor=1671827396043383&ged=ve4_td1_tt1_pd1_la1000_er0.0.0.0_vi0.0.0.0_vp0_eb16747

Verdicts & Comments Add Verdict or Comment

10 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

35 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.doubleclick.net/	1970-01-20 17:29:46	Name: APC Value: Aa3gxNqa9HQwALY_bnxwWvsvXL3_9kHM19A94GJcYusrhKVjgfiUVA
.trgde.adocean.pl/	1970-01-20 22:39:22	Name: GAD Value: KlGVvMXGQMGGWaopxiYFm7RUssGMXP8cFRySss9kFLM8GKGGqvoJxFxWLRhHGSfPyG9sXD_nGGMS
.doubleclick.net/	1970-01-20 22:32:10	Name: IDE Value: AHWqTUnb4rvT75BH1q8mFbZo_cjtdhGgz3YWftf9EAGTmSlppjtwv_VayPUCjCSOZWw
.adnxs.com/	1970-01-20 15:20:10	Name: uuid2 Value: 5275924112631735965
.casalemedia.com/	1970-01-20 21:56:10	Name: CMID Value: ZKyekeb2HoFaDortVPyq7QAA
.casalemedia.com/	1970-01-20 15:20:10	Name: CMPS Value: 3264
.casalemedia.com/	1970-01-20 15:20:10	Name: CMPRO Value: 3264
.adnxs.com/	1970-01-20 15:20:10	Name: anj Value: dTM7k!M41.D>6NRF']wIg2GVOk==/v!]tb:8i_iqf!oN/@E'zz<Z0QN#OCoskp!0ls=(HjH0beL>FIBUbSOLX-RkTD._*PlZ[C[-kX-I<dX?
.bidswitch.net/	1970-01-20 21:56:10	Name: tuuid Value: 04abd9ed-8d5b-4f63-9067-dbbbaea3fc35
.bidswitch.net/	1970-01-20 21:56:10	Name: c Value: 1689034386
.bidswitch.net/	1970-01-20 21:56:10	Name: tuuid_lu Value: 1689034386
.quantserve.com/	1970-01-20 15:20:10	Name: d Value: EAkBCQG4KYEA
.quantserve.com/	1970-01-20 22:40:48	Name: mc Value: 64ac9e92-0ba05-f71da-a2bd2
.w55c.net/	1970-01-20 22:42:15	Name: wfivefivec Value: ZjlLUUqL1Qj1065
.adform.net/	1970-01-20 13:55:12	Name: C Value: 1
.w55c.net/	1970-01-20 13:53:46	Name: matchgoogle Value: 5
.adform.net/	1970-01-20 14:36:58	Name: uid Value: 3816642419474757398
.travelaudience.com/	1970-01-20 22:42:15	Name: _tracker Value: %7B%22UUID%22%3A%2278C393DE-EE1A-4527-9AD1-96B75263BC37%22%7D
.de17a.com/	1970-01-20 21:48:58	Name: guid Value: 1.5722238651853979112
.1rx.io/	1970-01-20 21:56:10	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-c216d8d2-2261-4913-8913-294d151b4c55-003%22%7D
.ctnsnet.com/	1970-01-20 21:56:10	Name: cid_b294666496c74ebe91fde2219507c964 Value: 1
.ctnsnet.com/	1970-01-20 21:56:10	Name: gid_CAESEHgvgwspMi9cJ9kkXvn8WA4 Value: 1
.360yield.com/	1970-01-20 15:20:10	Name: tuuid Value: f196dc60-3eae-40dd-9afe-6bb39f02fec1
.360yield.com/	1970-01-20 15:20:10	Name: tuuid_lu Value: 1689034386
.targeting.unrulymedia.com/	1970-01-20 21:56:10	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-c216d8d2-2261-4913-8913-294d151b4c55-003%22%7D
.blismedia.com/	1970-01-20 21:56:14	Name: b Value: 64AC9E92413035C7628E5B46BLIS
.adfarm1.adition.com/	1970-01-20 15:20:10	Name: UserID1 Value: 7254347449696974992
.yahoo.com/	1970-01-20 21:56:31	Name: A3 Value: d=AQABBJKerGQCEBYl-v5ESTzlRvC_piLptuoFEgEBAQHwrWS2ZAAAAAAA_eMAAA&S=AQAAAt2hX7DUCzLXJVtwJV_QQS8
.id5-sync.com/	1970-01-20 13:10:34	Name: cf Value:
.id5-sync.com/	1970-01-20 13:10:34	Name: cip Value:
.id5-sync.com/	1970-01-20 13:10:34	Name: cnac Value:
.id5-sync.com/	1970-01-20 13:10:34	Name: car Value:
.id5-sync.com/	1970-01-20 13:10:34	Name: gdpr Value:
.id5-sync.com/	1970-01-20 13:10:34	Name: callback Value:
.hit.gemius.pl/	1970-01-20 22:39:22	Name: Gdyn Value: KlGURRaGQMQGaLaBvHPFm7RUssGMt1gaL6nxmGBe_UYbbyaUGsRP0QlGvGQprFb8SsL8RDcGFsCB0788MG..

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://pcloak.blob.core.windows.net/web/jquery.min.js Message: Failed to load resource: the server responded with a status of 404 (The specified blob does not exist.)
network	error	URL: https://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-6593523210010154&output=html&adk=1812271804&adf=3279755397&plat=1%3A512%2C2%3A512%2C3%3A512%2C4%3A512%2C8%3A512%2C9%3A33288%2C16%3A8388608%2C17%3A32%2C24%3A32%2C25%3A32%2C26%3A512%2C27%3A512%2C30%3A1081856%2C32%3A32%2C41%3A32%2C42%3A32&format=0x0&url=https%3A%2F%2Fpcloak.blob.core.windows.net%2F&ea=0&pra=5&wgl=1&uach=WyIiLCIiLCIiLCIiLCIiLFtdLDAsbnVsbCwiIixbXSwwXQ..&dt=1689034384502&bpp=5&bdt=627&idt=415&shv=r20230706&mjsv=m202306290101&ptt=9&saldr=aa&nras=1&correlator=985379360434&frm=24&ife=1&pv=2&ga_vid=1708622229.1689034385&ga_sid=1689034385&ga_hid=1596821760&ga_fc=1&nhd=1&u_tz=0&u_his=2&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_sd=1&dmc=8&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=1600&ish=1200&ifk=1843544316&scr_x=-12245933&scr_y=-12245933&eid=44759876%2C44759927%2C44759837%2C31075758%2C44788441%2C21065724&oid=2&pvsid=2446746173552980&tmod=909861124&uas=0&nvt=1&brdim=0%2C0%2C0%2C0%2C1600%2C0%2C1600%2C1200%2C1600%2C1200&vis=1&rsz=%7C%7Cs%7C&abl=NS&fu=0&bc=31&ifi=1&uci=1.2hvw5b7yrmk6&fsb=1&dtd=435 Message: Failed to load resource: the server responded with a status of 403 ()

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a86cf45e08f32cb0bf357b2b9562a20d.safeframe.googlesyndication.com
aax.amazon-adsystem.com
ad.doubleclick.net
ads.travelaudience.com
adservice.google.com
adx.adform.net
ampcid.google.com
ampcid.google.de
bid.g.doubleclick.net
bitbeat7.com
c.amazon-adsystem.com
c.nefisyemektarifleri.com
c1.adform.net
c1.imgiz.com
cm.g.doubleclick.net
cms.quantserve.com
connect.facebook.net
csi.gstatic.com
d5p.de17a.com
dsp.adfarm1.adition.com
dsum-sec.casalemedia.com
feed.pghub.io
fonts.googleapis.com
fonts.gstatic.com
gcdn.2mdn.net
gcm.ctnsnet.com
gdetr.hit.gemius.pl
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
i.nefisyemektarifleri.com
i2.nefisyemektarifleri.com
ib.adnxs.com
id5-sync.com
imasdk.googleapis.com
istr-n23.nktcdn.com
istr.izlesene.com
logger.virgul.com
ls.hit.gemius.pl
match.360yield.com
mn.nytcdn.com
ng.virgul.com
ng2.virgul.com
onetag-sys.com
pagead2.googlesyndication.com
panel.izlesene.com
pcloak.blob.core.windows.net
pghub.io
pixel.rubiconproject.com
placehold.jp
pm.w55c.net
portal.o2online.de
pr-bh.ybp.yahoo.com
pubads.g.doubleclick.net
r2---sn-5hne6n6e.c.2mdn.net
r2---sn-5hnednss.c.2mdn.net
r4---sn-5hne6n6e.c.2mdn.net
rtb.openx.net
s0.2mdn.net
samsungturkey.demdex.net
secure.adnxs.com
securepubads.g.doubleclick.net
ssbsync.smartadserver.com
ssum-sec.casalemedia.com
static.virgul.com
sync.1rx.io
sync.inmobi.com
sync.targeting.unrulymedia.com
sync.teads.tv
tpc.googlesyndication.com
tr.blismedia.com
trgde.adocean.pl
unilever.demdex.net
www.cloakan.co
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.googletagservices.com
www.nefisyemektarifleri.com
x.bidswitch.net
pubads.g.doubleclick.net
104.102.35.84
108.138.1.25
108.138.9.235
141.101.90.97
142.250.184.230
142.250.185.66
142.250.186.98
146.59.30.108
160.16.238.49
162.19.138.82
18.66.147.18
185.7.176.221
185.7.176.222
185.7.176.223
185.7.176.4
185.80.39.216
185.86.139.101
188.165.145.88
20.127.253.7
20.60.220.36
2001:4860:4802:36::178
213.155.156.165
2606:4700:10::6814:e66f
2607:f8b0:4023::78
2620:116:800d:21:ef75:8280:f209:5ba1
2a00:1450:4001:802::2002
2a00:1450:4001:808::200e
2a00:1450:4001:809::2001
2a00:1450:4001:80e::200e
2a00:1450:4001:80f::2002
2a00:1450:4001:80f::2003
2a00:1450:4001:812::2006
2a00:1450:4001:813::2001
2a00:1450:4001:827::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2002
2a00:1450:4001:829::200a
2a00:1450:4001:82b::200e
2a00:1450:4001:830::2008
2a00:1450:4001:831::2002
2a00:1450:4001:831::2004
2a00:1450:4001:831::200a
2a00:1450:400e:17::7
2a00:1450:400e:17::9
2a00:1450:400e:1b::7
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
2a05:d018:d29:3601:3913:20ff:833f:762d
2a06:98c1:3120::3
3.120.19.26
31.3.2.79
34.102.243.38
34.246.32.191
34.96.105.8
35.157.165.108
35.186.193.173
35.190.0.66
35.227.252.103
35.241.45.217
37.157.4.25
37.157.6.233
37.252.171.52
46.228.174.117
51.89.9.251
52.208.175.244
52.48.127.113
69.173.144.165
74.125.133.156
77.245.159.14
85.114.159.93
92.222.252.174
00daef3b4a945d15f73efa05e0ce2ca51f2f8252e1da8fae5c2efb0f6dddacce
00e8a28586e393b1b23d23dec44dcfa2b38a457a287d33c5f0d8ef9008257387
06b99248a163333e36980a6cfb756f1a7de60fa49517162b87b1a44d5d48f844
08204982c484faf6890c60557a4e642971f17625ddddc0559dc0e3ca728ac9e0
084fc1b9025da8d0d117d99c10146907a3c6afeffac6850017147421152223a1
0b29697868cd68cfd1b5650054cc96ea755016b3242bd26469cdbd4e4f6fc18a
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0e5389d4ff8aa7414543574acab723071581bde8808b8ab852e2b3b774fd3a99
0fd0e821ef47075614e9500f81f2077fef9be630b5a63bd40a10b7922026aed7
109551dc23198bb00f09060fa2a78b5a61947f967bd7f360012fd4ae7abfc58a
127ab3ff6d14112ae6aa40b68d9d3144748eda08efbc60a48a5be0555cf8622b
141d2a7ff7d83322d7d1322b62695e25cb491e3b9698f18ee02668c8cbcf798b
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
177ba08250ef673c6f08b9a8f8b4ed99b7b874ca8a7d19251eb9aa363abdfa1d
18270fef7c90bc4304f466af321fed4feb66d685c0e1a26f903dfedafd3efd3e
18e7a53e3b3abd7ac0242719f7f62cb56b8efe7065091585b8ad22cbc2b8c41c
1ddb3277324a871335ef0b7e680de58c9a79b3c1355b4082ca5425818c8a0306
1e4be629de0343e1f1cac6468d90bc5d0f6f4341697bbe062a4092f7e08cd873
1f4644988cfb9648d5236c12056f9ca31317c75544ef8776f4fec148322bb954
208cad1ecb436c132f7331dfd66263e5015566b8963db33bacd6d6963fc714f9
243ff4b38ca5fe323056ea75585fb66ec3ed73293eac13e7d215376f1418eb4a
25280083af87c8d6dbc6ff5bb926bf9d0d373d244cead76893430166b8df0bd6
26ec4365620d6bba2d1f06a2b02ab2312abb8b043209f1eafcb8673525346f65
27961ab8c37cddad89230364167c048c6377a80e38542a5ffbca600faf4098ea
2a778e9ab9b54488a790a724d036cc59fc43af829d33bb647e54f24f7b94b6a4
2af1b8e91e1ea0f27fab2f6bac1dd1d81867b7a2a8d7cef1084fa39309e0ac6f
2bf958c032ce083c26ae980ed92d0360c971e87c183d6bd988e770fc172786c7
2da988427b34614d705adbf808e2e61d91f67bf147db9049e34c99b3624171e8
2ec83381655c8a79a739b55b151d24bf78451562b314fca054876a82d6cee4ab
301be161c64c9ad9f2cf1f1fab77f831fcabefb00fd3cc9a0b1e68a0c77ab625
3164db7ef9efc7121ce85192340a653c6cb87e34caa05849c8fd47b7872f9fc5
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
332d8e2d6964e41c92a430d24b1b469bfdcc30ad072f980b2e7adf241590886a
33addeca1f5b2a05d4cf6fdb3e073ff4c2c097d1eac78bbd4c5e87d1038f046b
378831a6813642059afb6c949ace42d6be131d5387f7b476348cd2e4702c8370
38312b284a104dfa32e4ecfe73f542a66e04fb259e9bcd5e581e45bdeb677487
38501cf8b04f67448d163ac869cbea2b0aa83cc46f9d2f4ee7f70638b70bb4f3
38cd707764af5e7610feaee1542d30cfd86a74d0eee75df12aaf6b1d0ded65e5
3b9166033e13e81c852194510ca321d03a0f3e0f8196cc84858c874a32a0adf4
3e9569df702eb478e6e7699775a0f555b64ef9e89d89a81742bc97c7803dba96
3ea555c1e979c28e1d20d729c64ff36b267b83dcabdefe96460d9ae860e4082f
4347e083fcc7406a94363480146e1cf9c2f88198921ef74fed3eddf6d969725b
450df0e01a070deaa1fa1c33444ba45d0ee367dc7a58060ebd0eb9610ed6ba79
4621960c2ce01b405da6b6652f322bd8904f3e0d867daf7db9dd5d5ad6cc6491
464be521d749b2ba1c7e8c1f87223b56a03ee0bd05484baa0e9067ce9eb9d2be
4651fd93f167c3620b534c30bc23ae2a2e7cf742621d8e6d12553c09c388284a
468959e93f9b4e6f07c6a8f8d0e93d8fcb37d76a8615a93ec153f5842247ba99
46cd6d208b2a8201b2b08698f2afad06e6a1119e2763d6b92ce5b24a9b793820
47d8199865dfcfbad460b752d8a5ce4b85dfdf3f46d2d1bc3ef1715909caed5e
484eef6459e8a58c19115f287339366d82a7c2beeb7a35c7e16789b592515aec
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
5056305b09ad6474ea540f796c79be51d6b8e96043cb3d7bc4ef774e56765f4f
5404d9851c9b7f75441d03375fe7f162fdce9fceb0cd88ec104145499ebc46d9
55a119c0394f901a8a297e109c17b5e5402689708b999ab10691c16179f32a4a
569484b8bd9d2c7864a9235728c63ab0037b28d3e0131d165966a9a92988528d
597e4ec7ca2b12f9150e02e04096849d6b06061b09c2d131f1d2225871eedfdf
5dff1c5185bfe98d10fd4b80ad1e2a04d57365a09e631840dce7fd3c79d19971
5f5761311e712ed3bead5c10b77c638114d520411f6834e38385b358fcb51bb8
61c32059a5e94075a7ecff678b33907966fc9cfa384daa01aa057f872da14dbb
64bba7358df0b70cff3572ee3e5a2eee51ae741c86167cd529bc7af0e15682a6
66295bc2bf30464d635bc529ea6975bd37f312eef6e783a94c8170d6e8da690b
66413d92e3b48b21f37de7968a4c6ee6dafb956f4963d0557959a3d10db2c492
6823cdc5c5bc297bd4ac06187687fecb2a5c110658ebd5efba820132571fe6a2
69538b2a4fcb87ea95c09dd062e947c1502b6e97b152e9828619531ff4a92306
6dbe9c2e13cf06c6633ea3fcf6d7bd30452561202a205c75a035cd1d8b93368f
6efe7e4964448fbdd5349e5116703648d6692fc191736eb19b62515e21a7a3d2
6f8a139b2b833bbd7a30c343981c6c8731d7a1600708247a3a75bcfd23ac202b
70b9f9cb8f1feda701490e7fa560a0a2e0309ef259f9d74b301c9712e56efa56
745a085b52b8371ec6705413fca70a28c6d8bff0db480e6b124bd08c54e95ef8
75a11da44c802486bc6f65640aa48a730f0f684c5c07a42ba3cd1735eb3fb070
7651e84a25717b2c9fdf7263e3141b46b0c9d8e27e62824d7e6126f30ebbddb7
7876391f25f26ccf3297d78d34a1922dcc16c54fcaa51e8622e90bbc6fc96e80
79c277fbe5ccce5c88a681d39733fba8d6c31f1812f8952ec3a5e35b2b0beab4
7b6ad08a66b7925e557e069b9c9fcab676f04fbc22535b7b12c0d8eca8d48803
7b8b3db8bc93666d3bd03eb5b62d59ade16ef138ee6c1156dbf249516f811997
7b98b76a2c21d271449e6e0f60cb5f0a035d42312e6049622a974dec3fff2ae2
7bbd910982260037f1c9d83f2c7fe743e789ca06dd54c9eb56c2598b7b928fd0
7d4095ea226f3f80d6d4fc62e3737dd5107fd9d4aa4a443cac11378b102f64b6
7ef7148f577d4b8db5481c0c82ec42fc53e2b2d3c7f83b2662977759f58477ea
8187dcb05ebcfc94502aeec0524c23c7d22afbafe17aff1d39acc1d59a3a52db
823095b985c5cc4aaa4983f8a6f836445644a61f8e089f4e1e16ebf75d8881b6
82ee1e40c5621a84f4cd861d9d7212c7bb94ffde5bdf1bc8cb1f4e32dff9c4e0
83bd309965c32a247583c3fa802d5710150bd96c147b9933f7bf71b6b482f27f
886a2ff3ff2a76e50d8387582d03539c71d06dbd4314cd8cc955ea08b5cf752f
8973dd5cf4867f0c35f1cf04a1c39d78becf98f01576802566c09c403fa2bb7e
8c89853a9ba40b986530b44423e07d7ffc96e76f513682c15a4bb9bf4516c5b1
8cd629187427fdb93787d7156be7a32c391bb2a8da471bbaa274e806e48b36e7
8d6798011ddff641edf6f9468d9c531234b74654391a5e9aa172547982eaa08e
90fe049ee82e8f6eb3e041e7432a77ce287c56dae353f85b1e70204577215c67
91c29ef9b0cf77b5f4864470209f3bce975cf8989cb579d04336f44387c9e6bc
97cca378266a80b45a00de0c6f7731328bfc0ad7e6d9b6428efe3d76be2e19d7
98d2e3edd14aa506c4521125c7cdb7bb3030d7caae5803feec6d2613195ee955
991bfe84fec788f2b7d432b99a60c1e2aa2e799bc0137da8cf478299d0fc9a10
9a9b7fb32e01fd70747f32efdbd0472fd681c85eebb0c42d10c7a514820a0062
9b279f62d8ab632481b6d6fda4c49c8b9ee7fd77988c13e4b8baa7007d37b10c
9ff367082be1d94abc86ad1e75ff921cc5d53846e860267372fade66305f9120
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d3a0aff7dc3bf32d2176fc3dcda6e7aba2867c4f4d1f7af6355d2cfc6c44f8
a2c1f77fb70c45010238d697657e44d0f6e05be2d69837ce94cf97bc7a74497b
a2ff6717bd218c66ffde415472bdaf58a1384725840a862a466317727eaaab1b
a3043be71adeabe66264623fc2aa5113454c310de9192535cad9cf960b6084ff
a4a1824defec1084ca81d496ee77891684c26196924bdc4fc21dd3482ce15e14
a6d36aa3d742ccd6f1ca3c76dcf885af72f7bebe2fcc001ea011a7aea2f55678
a883e74d2f7c31294beaf47eb691d0fa07414cc3ef857e53b768960c94f23a31
a9f55a9e4658a9960455f9485c446ea9874f2590ae283801311d84e908536cc2
ab49b06f01ba01695f3b425793784b260bc2dea123e763d6201f234f2315c9ad
add347e23d6d68d50f456f663e081078bf03026f868ca4aa31e6b0f8f5354e01
ae9e8c27eddc095bf349a965776f1db4340da5231aa01359793cbebcb265f300
b0b4aeb68bc1a52b72372d2fa563bab797f7c09b8ddf8f752d0daeee553707c1
b121a7b8557227d37640ea014669f2027a49c4d47ffa02342368098c44dba3f8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b26bafe1d1062eeb211fcabfab568d9b37a7224e043dab8b75c72f49abb713fa
b477d5d25a590bf57853442c91c9c3ebca25dbd25df8f03402c09bbd6812afcc
b633a587c652d02386c4f16f8c6f6aab7352d97f16367c3c40576214372dd628
b9f1f334eb1e6c08aac717173cbf89930c1166459e7b82fabb07c0fdca2442eb
bd4d8b7f56b06140ad3542041b66f635d9cbd4e0da6cc7d17a0e16d014aa2498
be569a7f67c977b3d90fab2e487636bba4477593e8bc549d8e0543f55fc82905
bea17c8870ba8dae9515993b5c55b65437f03f0e2672e1c3d3dbe7872dd74e5c
c284299aeec8595fd3a10dcd2c27022edfda37c815571843a90c45cad18ace95
c3b1ca5d98d4076ec5875d96d79179647df3148e16005ec6c2b7e131eabecbb5
c427553964bfa608fd869a3665b7c12d4d9a935e147d264f8a094be96e99ec3a
c46be04df9d9d182d48649edf8a0b1ea96acf62c5ea39a1693a87051a0b756aa
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cb89ae83735dc28123b92aa15b9760bb47cf6c25dda8800edbb57ed4166a5ad8
cbcb528af7c43cf9a3bad6ba2c2539e89722848b62ea05d11be29ea1949eafd5
cde2d86c6323204b3e715d09b58ab41ecf370b5a10cb1d61fa76b77e0a0a75c0
cf906196a7c1414e11983955e101a051d55a864f2bc9fd52a453d952d92fd9b5
cff57bb539a961e5816127eb4b662175d6a1c92917effe0f943de85c35911101
d0bffc7261df1454c5e05475cda7d9e6647318dc6c3936767e1252bfe8849c54
d3002e63c4d3d76bb53d4618f047d2c0a50b692602ea8d6f19ef19bd1dfade34
d3709af341a4c3a777ceb714f224ff419e29783a79f18ba9e70cc91494811c82
d9fd0aeda423bd39a36871759ef7b17dab3d51e5981cd5839103f990b8b9ef60
dafa5a247facfc545e94a09ea12da423909aefca05557ec1a73e6d296fc540aa
dbc211260f3fb81e545fbebe8be8c367ebe670a585e60e1ec58524c06723ecbc
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0757fc98355b7ff4d0bdc506c1ef2aa69aac074686194c2e7690ffdc913035a
e2ec81b19233fd4cd6ef5adcb45c0cbec6bd5673716ba0454ce56b67486ece46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e46eb58f99814c32c849b97a268129ddb14ca88e9070964ee75a2cd987c66839
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f289d19af02c60f0f10ce952bc3ccbcb5dece34abd2e63f7ea18c0672eede763
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f86c74a7863cd1fa2343f0371ccbac47085bdb301f0df1785c5a4337bd044d24
fa8b5cbc4819d72a86fc1a972c838c723cecb06df25466adf42c9250477f1125

pcloak.blob.core.windows.net Open in urlscan Pro 20.60.220.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

351 Requests

88 %HTTPS

39 %IPv6

50 Domains

80 Subdomains

57 IPs

10 Countries

11452 kBTransfer

21082 kBSize

35 Cookies

0 Outgoing links

Redirected requests

351 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pcloak.blob.core.windows.net Open in urlscan Pro
20.60.220.36 Public Scan

Screenshot
Live screenshot

Full Image

351
Requests

88 %
HTTPS

39 %
IPv6

50
Domains

80
Subdomains

57
IPs

10
Countries

11452 kB
Transfer

21082 kB
Size

35
Cookies

351 HTTP transactions
7 data transactions